User / Group permission strategy

Hi All,

Quite new to *nix.

I have nginx webserver running under www-data user and group.

I have a problem when I upload via sftp: I don't have permissions to overwrite files (I don't want to set 777 on all files).

Is there any way / approach / strategy that lets me set 755 permissions and upload / overwrite files via ftp / sftp (preferably with a different user)?

With my previous hosting, I could even overwrite files with 600, so having full access for ftp users would be great.

Many thanks in advance.

L

5 Replies

There are probably two strategies I might try on this. First is simple - just log in to SFTP as www-data and then you should have full permissions over those files.

The second strategy is to have another user that you use to log in with, let's call it "myuser". You then add myuser to the group of www-data by editing the group file. (I use CentOS with the "vigr" command to edit this file as root). Then you set ownership on the files you want to overwrite like this:

chown www-data:www-data somefile

chmod 0770 somefile

That should give the user www-data and any other users belonging to the www-data group (in our case, one) full permissions to the files.

Hope this helps.

My approach…

I just add my user to the www-data group and set the files to 775.

sudo usermod -a -G www-data jeff
sudo chmod -R 775 /var/www
sudo chown -R www-data:www-data /var/www

Yes, I did not like the 77x permissions, but that is what I ended up doing.

Thanks to all.

L

Umm, why are the files owned by www-data in the first place? That makes no sense. nginx does not require write access to any of your website files. It only needs to be able to read them. You can make all your website files owned by your own username, set the permissions to 755, and let nginx read them to its heart's content.

If you have any web application that requires write access, such as a PHP script, you just change a few things in the FastCGI/FPM init script so that PHP runs as the same user who owns the website files. With Apache, it was customary to run PHP as www-data, but with nginx, there's no need to do that anymore.
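
The layout described in the answer above can be checked and applied from the shell. This is an added example, not code from the thread: the function names `writable_by_service` and `lock_down` are hypothetical, and `lock_down` uses `u=rwX,go=rX` (755 on directories, 644 on non-executable files) instead of a blanket 755. It does not look at ACLs or supplementary groups.

```shell
#!/bin/sh
# Added example. Audits a web root for paths the web server account could
# modify, then applies the read-only-for-the-server layout from the answer.

# writable_by_service WEBROOT SERVICE_USER SERVICE_GROUP
# Prints every path (symlinks skipped) that is
#   - owned by the service user (an owner can always chmod its own files),
#   - group-writable and in the service group, or
#   - world-writable.
# Empty output means the server account can read but not change the site.
writable_by_service() {
    find "$1" ! -type l \( \
        -user "$2" -o \
        \( -group "$3" -perm -020 \) -o \
        -perm -002 \) -print | sort
}

# lock_down WEBROOT [OWNER]
# Optionally hands the tree to OWNER (the SFTP/deploy user; needs root),
# then removes write access for group and others. Capital X keeps the
# execute bit on directories and already-executable files only.
lock_down() {
    if [ -n "${2:-}" ]; then
        chown -R "$2" "$1"
    fi
    chmod -R u=rwX,go=rX "$1"
}

# Stand-alone use: ./audit.sh /var/www www-data www-data
if [ "$#" -eq 3 ]; then
    writable_by_service "$@"
fi
```

Run the audit before and after `lock_down`; anything still listed afterwards is owned by the service account and needs a `chown` to the deploy user.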

@hybinet:

> Umm, why are the files owned by www-data in the first place? That makes no sense. nginx does not require write access to any of your website files. It only needs to be able to read them. You can make all your website files owned by your own username, set the permissions to 755, and let nginx read them to its heart's content.
>
> If you have any web application that requires write access, such as a PHP script, you just change a few things in the FastCGI/FPM init script so that PHP runs as the same user who owns the website files. With Apache, it was customary to run PHP as www-data, but with nginx, there's no need to do that anymore.

Many thanks, this is what I have done and I think it is the best scenario.

Regards
