Ubuntu – Make owner of newly create files AND folders www-data instead of superuser/admin

Apache2chownpermissionssamba

I've been struggling with permissions so far, and posted another question but identified what the problem was, without any way to fix it yet.

My setup:

  • Ubuntu Desktop with LAMP stack
  • 5 "users" I created users I've create in the ubuntu server using sudo useradd -r -s /bin/false USERNAME and which are used to access the local network shared folders, i.e for the computers on my network to connect to the /var/www folder, shared using Samba.
  • EDIT: The purpose is to create sort of a "master localhost" where all the computers in my local network can work on the same website, locally (i do NOT have a static IP address thus the server can't be accessed from elsewhere).

My problem:

Currently when I create a new folder on /var/www/html (ex: Creating the folder /var/www/html/testsite1) using any computer of the network, this folder is automatically owned by boris:www-data ("boris" being the main admin user on my ubuntu desktop install, and it shows indeed boris:www-data when running ls -l on the newly created folder), which is causing problems with my current setup (using Duplicator Plugin for wordpress by LifeInTheGrid mostly).
However, both my /var/www and my /var/www/html are owned by www-data:www-data

Hence, I would like to know how I can:

  • Change ownership to www-data:www-data of all files AND directories below /var/www and /var/www/html

  • Make sure any file or folder I will create with any of the users of my network will automatically be owned by www-data:www-data (That includes files automatically created by php scripts as it is what the Duplicator plugin does if I'm not wrong).

Is there a way to do that?

Note: I am a super newbie with things related to Linux and command lines, but I catch up fast.

Note 2: umask is already set as 0002

EDIT:

Tried this:

sudo chown -R www-data:www-data /var/www/

And then set setuid and setgid bits by doing this:

sudo chmod u+s /var/www/html
sudo chmod g+s /var/www/html

Then logged-off, restarted apache, and tried to create a new folder using a Mac connected to my server through network IP (local IP, not static).

I Ran

ls -l on /var/www/html

Output is still:

drwxr-sr-x 2 boris   www-data  testsite1

Note:

I already checked my apache config before and envvars, it is already set to:

export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data

EDIT: I tried it backwards, e.g setting up everything to be owned by boris:www-data and set my envvars apache config to boris:www-data. IT WORKED!

Here is what I did:

Changed envvars to

export APACHE_RUN_USER=boris
export APACHE_RUN_GROUP=www-data

Ran

sudo chown -R boris:www-data /var/www/

Restarted Apachem, created a new folder, add my files, ran the plugin, now says it's good !!!

Best Answer

Answer to Question #1: Recursive chown

A recursive chown will let you set ownership and group to what you want for /var/www/.... This is the command you should use:

sudo chown -R www-data:www-data /var/www/

With that, every file and folder will be set as such inside there with those ownership permissions.


Half-Answer to Question #2: setgid bit

If you want default group ownership on files, set the setgid bit on the /var/www/html folder. New files should then be created with that group as stated on the folder.

sudo chmod g+s /var/www/html

You'll need to set write permissions, though, if any user OTHER than www-data is writing to the directories, and doing so can open you to a security hole or two if you're not careful.

You end up with permissions being $USER:www-data; to change the owner you then use a chown as indicated in method #1 (that said, in a proper setup you should rely on group permissions, not user owner permissions, for access to the web files).


PHP Wordpress Duplicator Problem

The problem with permissions is the user/group PHP runs as needs write and read and likely +x on the directory to edit the dir structure and such.

PHP runs as www-data by default in Ubuntu installs which use the default configurations. Ideally, your steps above would make the issue fixed, as you're stuck with the Duplicator Plugin being a PHP plugin.

Ideally you should also check the documentation for the Duplicator Plugin to verify what permissions it needs to run and work.