User rights to update /var/www/
ignored_mailbox at yahoo.com.au
Sat Aug 27 19:03:10 UTC 2005
>>> Something as simple as: chown -R root:authors /var/www/html/*
>>> You may need to do a separate non-recursive one for the "html"
>>> e.g. chown root:authors /var/www/html
> Why not just do a recursive chown on /var/www/html?
Probably just my brain going on strike for the moment when I wrote that
message. At the back of my mind there was some reason why I thought two
stages might be needed, and I was probably just half thinking about the
files versus directory permissions issue.
> e.g. chown -R root:authors /var/www/html
>>> And ensure that owners and the group can read and write files, other
>>> users can only read files.
>>> e.g. chmod -R o+rw,g+rw,o-w /var/www/html/*
> (Don't you mean u+rw,g+rw,o-w?)
Yes. I keep thinking of "owners" instead of "users". Same for the
example that followed.
> And again, why not just start at /var/www/html .... except that ....
>>> (Remember executable permissions are needed for directories, but usually
>>> not wanted for web servable files.)
> True. But if there are directories within /var/www/html, you want to
> make them world-"executable" as well. I recently discovered, though,
> that chmod has some flags that allow what I think you want. Continuing
> the example, you would do this:
> chmod -R g+rwX /var/www/html
> chmod -R o+rX /var/www/html
> Assuming /var/www/html and everything below it in the hierarchy starts
> out readable/writable to its owner, with directories executable as
> well, the above commands should make everything readable/writable to
> others in the group, readable to all, and any file/directory that's
> executable by its owner will be executable to all.
Hmm, I didn't know that trick. That's quite useful.
Though I notice a problem cropping up from time to time, when using
Windows and Samba to update WWW files. You have to fiddle with Samba
permissions, else you can end up with all files being executable, even
when they shouldn't be.
> Hope this helps in general, though in this situation I rather like
> the other suggestion to instead put things in ~username/public_html
> directories and [ whatever configuration is needed to make those files
> servable ].
I suppose it might depend on whether you wanted to be adding users in
that way, and whether you wanted users to have their own sections of the
website (definitely do it as you suggest above, or anybody can change
anybody else's files), or had a group of people collaborating on the
whole thing (might be easier with the common authoring group idea).
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
More information about the users