sKunKbad Posted June 30, 2008 Share Posted June 30, 2008 I have figured out that if I CHOWN the /var/www directory that I can use Filezilla in SSH mode to move files back and forth easily from my home computer. Another person suggested that if Apache/PHP needs to write to a file in the www directory that it would no longer be able to. So, I'm guessing that CHOWNing the directory was the wrong thing to do, and wondering if I should join the www-data group, or what is the proper way of handling this? Was the person that suggested that Apache/PHP would no longer be able to write to the www directory correct? Quote Link to comment https://forums.phpfreaks.com/topic/112536-solved-how-to-co-own-the-varwww-directory-so-i-can-use-filezilla-in-ssh-mode/ Share on other sites More sharing options...
trq Posted June 30, 2008 Share Posted June 30, 2008 what is the proper way of handling this? Was the person that suggested that Apache/PHP would no longer be able to write to the www directory correct? Yes. However, joining the www-data (the apache user group) group isn't a good idea, nor is having /var/www owned by that group. What I normally do is create a new group (www), I then chown /var/www to root:www and join the www group. I would then chmod /var/www 775. This gives you permissions to write to the directory. From there, I simply make any directories that need to be written to by php (file uploads, fwrite etc etc) owned by www-data. The least directories owned by this group the better. Quote Link to comment https://forums.phpfreaks.com/topic/112536-solved-how-to-co-own-the-varwww-directory-so-i-can-use-filezilla-in-ssh-mode/#findComment-578024 Share on other sites More sharing options...
sKunKbad Posted June 30, 2008 Author Share Posted June 30, 2008 ...www-data. The least directories owned by this group the better. Is this because if a malicious user somehow got control of Apache they could overwrite anything in a directory that was owned by www-data? Quote Link to comment https://forums.phpfreaks.com/topic/112536-solved-how-to-co-own-the-varwww-directory-so-i-can-use-filezilla-in-ssh-mode/#findComment-578430 Share on other sites More sharing options...
trq Posted June 30, 2008 Share Posted June 30, 2008 ...www-data. The least directories owned by this group the better. Is this because if a malicious user somehow got control of Apache they could overwrite anything in a directory that was owned by www-data? Indeed. Quote Link to comment https://forums.phpfreaks.com/topic/112536-solved-how-to-co-own-the-varwww-directory-so-i-can-use-filezilla-in-ssh-mode/#findComment-578626 Share on other sites More sharing options...
steviewdr Posted July 1, 2008 Share Posted July 1, 2008 Try using the chmod +t option so that any files created by anyone in /var/www are automatically created 775. Note: not recommended. Use suPHP or suExec to have apache change owner etc. See: http://wiki.kartbuilding.net/index.php/Chmod#Make_a_Sticky_Directory_or_File -steve Quote Link to comment https://forums.phpfreaks.com/topic/112536-solved-how-to-co-own-the-varwww-directory-so-i-can-use-filezilla-in-ssh-mode/#findComment-579061 Share on other sites More sharing options...
trq Posted July 2, 2008 Share Posted July 2, 2008 Try using the chmod +t option so that any files created by anyone in /var/www are automatically created 775. The +t option wont automatically make files 775. Permissions given to files are set by your umask setting. Another option when working with groups of people is to set the group id bit so that all files / directories within will be owned by the same group. eg; sudo chown root:www /var/www sudo chmod 2775 /var/www Now, if I (as user thorpe belonging to the group www) create any file / directory within /var/www it will be owned by thorpe:www, and providing my umask is set to 0002 (default on most systems) files will be 664 while dirs will be 2775 (same as /var/www). Quote Link to comment https://forums.phpfreaks.com/topic/112536-solved-how-to-co-own-the-varwww-directory-so-i-can-use-filezilla-in-ssh-mode/#findComment-579728 Share on other sites More sharing options...
steviewdr Posted July 3, 2008 Share Posted July 3, 2008 Yes, I got my wires crossed badly there. chmod 2775 /var/www or chmod g+s /var/www I'm not so sure about the umask of 0002 been default. I think it could be 0022 for debian and ubuntu. -steve Quote Link to comment https://forums.phpfreaks.com/topic/112536-solved-how-to-co-own-the-varwww-directory-so-i-can-use-filezilla-in-ssh-mode/#findComment-581249 Share on other sites More sharing options...
trq Posted July 3, 2008 Share Posted July 3, 2008 I'm not so sure about the umask of 0002 been default. I think it could be 0022 for debian and ubuntu. Yeah, my bad. I meant 0022. I actually use 0077 these days without issue. Quote Link to comment https://forums.phpfreaks.com/topic/112536-solved-how-to-co-own-the-varwww-directory-so-i-can-use-filezilla-in-ssh-mode/#findComment-581301 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.