User and Group permissions, with chmod, and Apache |
您所在的位置:网站首页 › user apache group apache › User and Group permissions, with chmod, and Apache |
|
I've been scouring the internet for good information on setting up user and group permissions for Apache. I'll link some resources on the bottom here, but here's what I found: BasicsThere are three sets of permissions to worry about with any directory/file: User - What the owner of the file can do Group - What users of the same group can do Other - What anyone else can doCorrespondingly, users have a username (unique to each user). Users can also be part of a group - In fact, multiple users can be part of the same group. Note: The chmod command can accept numeric integers, such as 0664, which relate to user permissions. See this to help create these, if you wish I will cover using chmod. Chmod is used to modify the permissions of a directory or file. Usage:chmod -flags permissions /path/to/dir/or/file Flags-R chmod -R … will recursively go through the directory provided and change all file/directory permissions as specified. Changing PermissionsYou can define for whom the permissions you are setting apply with these: u = user g = group o = otherYou can add or remove permissions using these: + will add permissions - will remove permissionsYou can set these permissions: r = read w = write x = execute Use this knowledge to setup Apache Assumptions: Apache is run as user www-data and group www-data. Server web root is /var/www FirstWe need to set the owner/group of the web root (and any directories/files therein): $ sudo chown -R www-data:www-data /var/www SecondWe need to setup the proper permissions for users and groups. We do some blanket commands restricting access, and then open access up as much as we need to. To start, make it so no-one but the current user (www-data) can access the web-root content. We use 'go', meaning apply to 'group' and 'other'. We use '-', which means remove permissions. We use 'rwx' to remove read, write and execute permissions. $ chmod go-rwx /var/wwwNext, allow users of the same group (and 'other') to enter the /var/www directory. This is not done recursively. Once again, we use 'group' and 'other' but we use '+' to allow the execute ('x') permission. $ chmod go+x /var/wwwNext, change all directories and files in the web root to the same group (www-data) - just in case there are files in there currently: $ chgrp -R www-data /var/wwwNext, let's do another "reset" of sorts - Make it so only the user can access web content: $ chmod -R go-rwx /var/wwwAnd finally, make it so anyone in the same group can ready/write and execute directories/files in the web root. $ chmod -R g+rx /var/wwwI actually give group write permissions as well, for users which need to modify content, such as users used to deploy code. That looks like this: $ chmod -R g+rwx /var/wwwOften going through all of these steps isn't necessary, but this is a useful exercise to see how these commands work! Resources Max OS-x specific, but still good, permissions chmod info |
| CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3 |