0

Guys I have a linux dedicated server.

There are multiple users who manage specific directories on the server.

But if a user uploads something, for example a plugin/library. When it is executed it makes sub directories which are required by that plugin/lubrary. User don't have permissions to that directory.

How to automatically put 775 permissions to all directories?

Waleed
  • 1

5 Answers5

5

The umask of the server receiving the uploads must be set to 002, then newly created directories will get permissions 775.

kasperd
  • 31,086
0

find /path/to/base/dir -type d -exec chmod -R 755 {} +;

will change permissions for folders recursively. You can set up a cron job to do this automatically or simply execute it from the plugin root directory as needed.

symlynk
  • 176
0

add user to apache/php group

usermod -g group username

keep an eye on uploaded files

/usr/bin/inotifywait -e create -e attrib \
    -mrq /home/project/public_html/plugins | while read file; do
    echo -n "$file " >> /var/log/uploads_monitor.log
    echo `date | cut -d " " -f1-4` >> /var/log/uploads_monitor.log
    chmod 775 $file >/dev/null 2>&1
done
ADM
  • 1,413
0

You might need to consider using file system access control lists (setfacl command). This way your changes will affect only the directories you want changed, and won't have the unwanted impact on the whole system, say if you had changed the umask value.

For instance, if your users belong to a specific group, you can give that group a 'rwx' on the parent directory and its descendants. This way any file or directory created will automatically have 'rwx' for any user belonging to that group.


setfacl  -R -m g:groupname:rwx /shareddirectory
setfacl  -d -m g:groupname:rwx /shareddirectory

You can customize this to fit your scenario. My point here is setfacl might have the options you need.

Daniel t.
  • 9,619
-1

I would suggest that you look at ruid2 (pre-built packages), which allows all HTTP requests to a domain to run as the owner of that domain instead of as the Apache user. One of the complaints about this is that it will not run properly with FastCGI.

This is how I loaded it on a CentOS 6 x86_64 server:

  1. As root cd to /root
  2. Download the latest atomic-release rpm from http://www6.atomicorp.com/channels/atomic/centos/6/x86_64/RPMS/
  3. Install atomic-release rpm: rpm -Uvh atomic-release*rpm
  4. Install mod_ruid2 rpm package: yum install mod_ruid2

This will result in these files on your OS:

  1. /etc/httpd/conf.d/ruid2.conf
  2. /usr/lib64/httpd/modules/mod_ruid2.so
  3. /usr/share/doc/mod_ruid2-0.9.1/
  4. /usr/share/doc/mod_ruid2-0.9.1/LICENSE
  5. /usr/share/doc/mod_ruid2-0.9.1/README

After you install mod_ruid2-0.9.6-3.el6.art.x86_64 (or current version) run the command `apachectl -t -D DUMP_MODULES`

Look for something like this to result:

Loaded Modules:
  core_module (static)
  mpm_prefork_module (static)
  http_module (static)
  so_module (static)
  auth_basic_module (shared)
  auth_digest_module (shared)
  authn_file_module (shared)
  authn_alias_module (shared)
  authn_anon_module (shared)
  authn_dbm_module (shared)
  authn_default_module (shared)
  authz_host_module (shared)
  authz_user_module (shared)
  authz_owner_module (shared)
  authz_groupfile_module (shared)
  authz_dbm_module (shared)
  authz_default_module (shared)
  ldap_module (shared)
  authnz_ldap_module (shared)
  include_module (shared)
  log_config_module (shared)
  logio_module (shared)
  env_module (shared)
  ext_filter_module (shared)
  mime_magic_module (shared)
  expires_module (shared)
  deflate_module (shared)
  headers_module (shared)
  usertrack_module (shared)
  setenvif_module (shared)
  mime_module (shared)
  dav_module (shared)
  status_module (shared)
  autoindex_module (shared)
  info_module (shared)
  dav_fs_module (shared)
  vhost_alias_module (shared)
  negotiation_module (shared)
  dir_module (shared)
  actions_module (shared)
  speling_module (shared)
  userdir_module (shared)
  alias_module (shared)
  substitute_module (shared)
  rewrite_module (shared)
  proxy_module (shared)
  proxy_balancer_module (shared)
  proxy_ftp_module (shared)
  proxy_http_module (shared)
  proxy_ajp_module (shared)
  proxy_connect_module (shared)
  cache_module (shared)
  suexec_module (shared)
  disk_cache_module (shared)
  cgi_module (shared)
  version_module (shared)
  fcgid_module (shared)
  perl_module (shared)
  php5_module (shared)
  python_module (shared)
  ruid2_module (shared)
  ssl_module (shared)

If it's there, you're good to go.

Next, make the required additions to the ruid2.conf file.

Note that since Plesk set my master account up using the /var/www/vhosts/mydomain.com/httpdocs path, I added this first:

<Directory /var/www/vhosts/mydomain.com/httpdocs>
  RMode stat
  RUidGid apache apache
  RGroups apache psaserv
</Directory>

Then, it set up additional domain websites using the /var/www/vhosts/mydomain.com/myotherdomain.com path, so I added this for each of those:

<Directory /var/www/vhosts/mydomain.com/myotherdomain.com>
  RMode stat
  RUidGid apache apache
  RGroups apache psaserv
</Directory>
Cristian Ciupitu
  • 6,460
NeedSomeHelp
  • 21