Read, write, execute permissions not working.

[xavieranderson]

I am using CentOS 6.X.

I am trying to give a user called "blog" access to read, write and execute files and folders in his directory.
His directory is at /home/web/html/blog/

How can I give him his proper access?

I've tried chmod -R /home/web/html/blog/ 775


Note : His group is set to "apache" for some reason, the same as the account for my web hosting software. I'm not sure why.

[atreyu]

Hello,

The usage of chmod is:

Code:

chmod [OPTION]... MODE[,MODE]... FILE...

so try:

Code:

chmod -R 775 /home/web/html/blog/

but if this is blog's home dir, why cannot he do this himself?

Note : His group is set to "apache" for some reason, the same as the account for my web hosting software. I'm not sure why.

Can you not change it to his group, using chown?

get his primary group name like:

Code:

 groups blog|awk '{print $3}'

say his group name is "users". then use chown like:

Code:

chown blog:users /home/web/whatever

[Miven]

do

chgrp apache /home/web/html/blog/

or, more likely

chown blog /home/web/html/blog/

or both, now that you've set the perms appropriately.

[xavieranderson]

Ok, for the sake of simplicity, I changed "blog"'s group to "blog".
After I did that, the home directory no longer applies, it sets the home dir to /. Even after I applied the home directory to "/home/web/html/blog/"

Now if I do

chgrp blog /home/web/html/blog/

It still doesn't work. Not only that, but now all other directories besides /home/web/html/blog are now completely read write and executable....
This doesn't really make sense, as this is the exact opposite of what we need. Is something wrong with my system files?

[yancek]

His directory is at /home/web/html/blog/

His group is set to "apache" for some reason

The directory would appear to be for a web server and on many Linux system you need user:group apache:apache so put your user "blog" in the apache group. See the link below which describes the method for Ubuntu. For CentOS, replace www-data with apache.

Ubuntu Linux: Add a User To Group www-data ( Apache Group )

If this isn't a web server (??) post back.

[atreyu]

Ok, for the sake of simplicity, I changed "blog"'s group to "blog".
After I did that, the home directory no longer applies, it sets the home dir to /. Even after I applied the home directory to "/home/web/html/blog/"

What does "applying the home directory" mean, exactly? That does not make sense to me. Can you show a command that illustrates what you mean, and show errors it gives, if it fails?

Also, if this a web server, and you are trying to access the files via a browser, check the web server log files. for example, if CentOS/RH/Fedora, try (as root):

Code:

tailf /var/log/httpd/error_log

and you should get some helpful info there. If the files/directories need to be accessed by the web server, then all the dirs leading up to that dir need to be readable/executable by the user running the webserver (apache, nobody, etc.). Show the permissions of those dirs (via "ls -l" output) if you are in doubt.

[xavieranderson]

I'll try to explain things as simply as I can.

Lets say I need a "blog" account created. He need to have his home directory set to "/home/web/blog", so when he logs into filezilla or through SSH, he only has access to all the files
after that home directory. He needs read, write and execute permissions.

I do not want him to have access to any folders or files before /blog.

How can I do that?

[atreyu]

I'll try to explain things as simply as I can.

Lets say I need a "blog" account created. He need to have his home directory set to "/home/web/blog", so when he logs into filezilla or through SSH, he only has access to all the files
after that home directory. He needs read, write and execute permissions.

I do not want him to have access to any folders or files before /blog.

How can I do that?

Google setting up chroot jailing for your distro, I think that is what you want to do. anyway it is what I have done in the past to achieve this. Doing it for sftp/ftp is straight-forward, but I recall remote shell (ssh, etc.) being a little trickier (but still doable).

[Miven]

I just logged in as root and typed

Code:

mkdir /home/web
adduser -d /home/web/blog -m  blog
passwd blog
Changing password for user blog.
New UNIX password: ******
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password: ******
passwd: all authentication tokens updated successfully.

and now I have user 'blog' with home at /home/web/blog and password 'blogger'. Found an empty login somewhere, and logged in. That simple.

[atreyu]

I just logged in as root and typed

Code:

mkdir /home/web
adduser -d /home/web/blog -m  blog
passwd blog
Changing password for user blog.
New UNIX password: ******
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password: ******
passwd: all authentication tokens updated successfully.

and now I have user 'blog' with home at /home/web/blog and password 'blogger'. Found an empty login somewhere, and logged in. That simple.

That will not prevent the user blog from changing to say /home, or /, as the OP requested. For that, you need something that does chrooting.