  1. #1
    Just Joined! (Join Date: Aug 2009; Posts: 9)

    Permissions help needed! (giving one web user access to another's fil


    I have 2 web sites, one is actually a forum off the main www site - but they are seen as 2 separate sites by the system, and have their own separate folders in /public_html

    I have scripts in the forum site that edit/move files in the www site - but the only way the scripts can work is if I first change the permissions on the files/folders being used in the www site to 777, then run the scripts on the forum part, then change the www file/folders back to 644/755.

    A real pain, and not very secure.

    Is there a way I can give the forum web user access to the www files/folders? I'm guessing it has something to do with adding the forum user to the www user's group. (I'm NOT knowledgeable in Linux at all!! (as you can already tell)).

    Need help!

    Running CentOS 6.4 I believe.

    (let's call the forum username and group name: forum / forum and the www username and group name: www / www)

  2. #2
    Linux Engineer hazel (Join Date: May 2004; Location: Harrow, UK; Posts: 1,219)
    usermod is the command you need. It can be used to modify any user properties.

    To add the forum user to the www group, you can use
    Code:
    usermod -aG www forum
    The -a option adds the user named at the end of the line to the specified group; -G preserves any existing group membership.

    Of course this will only work if you set the file permissions to allow editing rights to the group.
    "I'm just a little old lady; don't try to dazzle me with jargon!"
    www.hrussman.entadsl.com

  3. #3
    Just Joined! (Join Date: Aug 2009; Posts: 9)
    Quote: Originally Posted by hazel
    usermod is the command you need. It can be used to modify any user properties.

    To add the forum user to the www group, you can use
    Code:
    usermod -aG www forum
    The -a option adds the user named at the end of the line to the specified group; -G preserves any existing group membership.

    Of course this will only work if you set the file permissions to allow editing rights to the group.
    Thanks!

    So for perms, would the file I use the script to edit (currently 644) change to 664? And folders from 755 to 775?

  4. #4
    Linux Engineer hazel (Join Date: May 2004; Location: Harrow, UK; Posts: 1,219)
    Quote: Originally Posted by z0diac
    Thanks!

    So for perms, would the file I use the script to edit (currently 644) change to 664? And folders from 755 to 775?
    Certainly that mode for files would make them editable by the group. For folders, users don't need write access except to create or delete files; for editing files in situ, read+execute is OK for the folder.
    "I'm just a little old lady; don't try to dazzle me with jargon!"
    www.hrussman.entadsl.com

  5. #5
    Just Joined! (Join Date: Aug 2009; Posts: 9)
    Quote: Originally Posted by hazel
    Certainly that mode for files would make them editable by the group. For folders, users don't need write access except to create or delete files; for editing files in situ, read+execute is OK for the folder.
    The one script I run (in forum.domain) needs to move files from one subdirectory to another in the www site and it just gives permission denied when the subdirs involved are set to 755. I'd LIKE to leave perms as low as possible, but it seems 775 is the only way the script will work. (?)

  6. #6
    Linux Engineer hazel (Join Date: May 2004; Location: Harrow, UK; Posts: 1,219)
    Quote: Originally Posted by z0diac
    The one script I run (in forum.domain) needs to move files from one subdirectory to another in the www site and it just gives permission denied when the subdirs involved are set to 755. I'd LIKE to leave perms as low as possible, but it seems 775 is the only way the script will work. (?)
    Yes, moving a file is equivalent to deleting its name from one directory and adding it to another. The file itself doesn't move but the indexing information does. So you do need group write access to both the immediate parent directories. I think it should be ok to leave the higher level directories at 755 or even 750.
    "I'm just a little old lady; don't try to dazzle me with jargon!"
    www.hrussman.entadsl.com

  7. #7
    Just Joined! (Join Date: Aug 2009; Posts: 9)
    Quote: Originally Posted by hazel
    Yes, moving a file is equivalent to deleting its name from one directory and adding it to another. The file itself doesn't move but the indexing information does. So you do need group write access to both the immediate parent directories. I think it should be ok to leave the higher level directories at 755 or even 750.
    But, web users (anonymous visitors) need to be able to read the files inside those directories, so wouldn't 750 cut off all their access?

  8. #8
    Penguin of trust elija (Join Date: Jul 2004; Location: Either at home or at work or down the pub; Posts: 3,569)
    Quote: Originally Posted by z0diac
    But, web users (anonymous visitors) need to be able to read the files inside those directories, so wouldn't 750 cut off all their access?
    No. The files are accessed by the web server which runs as the www user.
    What do we want?
    Time machines!

    When do we want 'em?
    Doesn't really matter does it!?


    The Fifth Continent

  9. #9
    Just Joined! (Join Date: Aug 2009; Posts: 9)
    Quote: Originally Posted by elija
    No. The files are accessed by the web server which runs as the www user.
    So since they're not the owner, nor part of the group, wouldn't it be no access? (excuse the copy/paste below - vBulletin doesn't let you put spaces in some parts of a msg so I can't format it properly)

    chmod 750 foo
          ^^^
          ||`-- others have no access
          |`-- group has read and execute access
          `-- user has full access

    and 750 would mean '5' for group, which wouldn't be enough for the script to move files inside that directory (it was 755 before and the script was getting permission denied)

    first number is owner, second number is group, third is others - correct?

  10. #10
    Penguin of trust elija (Join Date: Jul 2004; Location: Either at home or at work or down the pub; Posts: 3,569)
    When I connect to your web site, I don't access the files on your server directly, the web server does it and it uses the www user (or www-data in some distros).

    When you have the permissions set to 750, the web server has full access, read, write and execute to the files. It is generally recommended to give the www user write access only to the areas it needs and never the web root. Unnecessary write access makes it easier for bad guys to exploit any vulnerabilities in the web site code.
    What do we want?
    Time machines!

    When do we want 'em?
    Doesn't really matter does it!?


    The Fifth Continent
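
An added example, not part of any post in this thread: a mode-bit check for the point in post #6 that a move needs group write on both parent directories but not on the file, together with a scan for entries still world-writable after the 777 workaround that post #10 advises against. The function names and the constructed directory tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. It inspects mode bits only;
# ownership and group membership (e.g. `id forum`) must be checked separately.

# True if directory $1 gives its group write+execute (bits 030), which is
# what adding or removing a name inside that directory requires.
group_can_modify_dir() {
    [ -n "$(find "$1" -prune -type d -perm -030)" ]
}

# A move within one filesystem changes two directories and not the file,
# so only the source parent and the destination directory are tested.
# usage: group_can_move SRC_FILE DST_DIR
group_can_move() {
    group_can_modify_dir "$(dirname "$1")" && group_can_modify_dir "$2"
}

# List entries under $1 that "others" can still write to, such as
# anything left at 777. Symlinks are skipped because their mode is unused.
world_writable() {
    find "$1" ! -type l -perm -002
}

# Constructed tree standing in for the www site (hypothetical names).
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/www/incoming" "$root/www/published"
    : > "$root/www/incoming/page.html"
    chmod 750 "$root/www"
    chmod 644 "$root/www/incoming/page.html"

    for mode in 755 775 777; do
        chmod "$mode" "$root/www/incoming" "$root/www/published"
        if group_can_move "$root/www/incoming/page.html" "$root/www/published"
        then verdict="group can move"
        else verdict="group cannot move"
        fi
        echo "dirs $mode: $verdict; world-writable: $(world_writable "$root/www" | wc -l)"
    done
    rm -rf "$root"
}

demo
```

The file in the demo stays at 644 throughout, which shows that the move depends on the directories' modes rather than the file's.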
