Debian /var/www/ file permissions

[owner]

Hello,

 

I am experimenting with setting up my own Linux based server using Debian.  Right now it seems to be running great, however I have a few php scripts that move files around and create directories that are giving me some problems.  For some crazy reason, my permissions seem to be really screwed up.  When my script tries to create a folder, it will only give the max permissions of 755 (even if I tell it to set the folder to 0777).  If I try to move my files, I get permission errors as well.  It looks like the folders are being created under a user and usergroup called www-data.  Is there another step that I have missed to get this working?

 

Thanks in advance!

owner

[corbin]

It sounds to me like Apache is running as www-data.  As such, you'll either need to change the user Apache runs under or grant permissions to www-data.

[owner]

What would you recommend to do?  I am a bit new to the whole Linux scene, but I would love to learn

 

Owner

[trq]

The way I normally setup Debian systems is as follows:

 

1) As root, create a new group called 'www' then place yourself within that group, logout and back in for it to take effect.

 

sudo groupadd www
sudo gpasswd -a <yourusername> www
logout

 

2) Make the entire /var/www directory structure be owned by 'www-data' and the 'www' group. Give users belonging to the 'www' group write permissions, then set the sticky bit on the group for this directory structure so that any new directories created will take on these same permissions.

 

sudo chown -R www-data:www /var/www
sudo find /var/www -type f -exec chmod 664 {} \;
sudo find /var/www -type d -exec chmod 775 {} \;
sudo find /var/www -type d -exec chmod g+s {} \;

 

That should now give you sufficient permissions to create directories and files within /var/www manually (ie: Via a terminal). If you want these directories to be writtable by the server process you will however need to chown them to www-data:www. Any new directories created by the Apache process will automatically be owned by www-data:www.

 

3) Allow users within the 'www' group to change directories they own within /var/www to be owned by 'www-data:www'.

 

sudo sudoedit /etc/sudoers

 

Then add the following line.....

 

%www ALL = NOPASSWD: /bin/chown www-data /var/www/*, /bin/chown -R www-data /var/www/*

 

This means users within the 'www' group can now execute....

 

sudo chown www-data /var/www/<directoryname>

 

on directories they own, making them writtable via the Apache process.

 

That's basically it. Allot of people like to simply join the www-data group and set the sticky bit on /var/www but you generally don't want all directories to be writtable by the Apache process.

[Daniel0]

You could also check out suPHP.

[cybernet]

you could also use ispconfig

even it's made for multi websites

it runs perfectly and has fastcgi cgi suphp and more

it's kind of a cpanel with fewer modules