Permissions: Difference between revisions

Browse history interactively

← Older edit

VisualWikitext

@@ Line 11: / Line 11: @@
 === Implementation Details ===
-<source lang="bash">
+<syntaxhighlight lang="bash">
 # set groups and memberships
 sudo groupadd developers
 sudo usermod -a -G developers grundlett
 sudo usermod -a -G developers {{apache user}}
-# logout + login to read new membership into current environment
+# You don't have to logout + login to read new membership into current environment
+# You can use newgrp instead
+newgrp developers
 # set file system mode on source
@@ Line 26: / Line 28: @@
 # restart apache so that it gets it's new group membership
 sudo apache2ctl restart
-</source>
+</syntaxhighlight>
 == Fixing Permissions ==
-<source lang="bash">
+<syntaxhighlight lang="bash">
 # find files that are executable and remove the execute bit
 sudo find . -type f -perm -ugo=x -ls -exec chmod a-x {} \;
+# find files that are not owned by www-data
+find ./ -type f ! -user www-data
@@ Line 47: / Line 52: @@
 # find directories without the group sticky bit set
 sudo find . -type d ! -perm -g=s -ls
-</source>
+</syntaxhighlight>
+=== Fix permissions on your Drupal site ===
+<syntaxhighlight lang="bash">
+DROOT='/var/www/example.com/www/drupal'
+USER=greg
+WEBGROUP=www-data
+sudo chown -R $USER:$WEBGROUP $DROOT/
+sudo find $DROOT/ -type d -exec chmod u=rwx,g=rx,o= '{}' \;
+sudo find $DROOT/ -type f -exec chmod u=rw,g=r,o= '{}' \;
+sudo find $DROOT/sites -type d -name files -exec chmod ug=rwx,o= '{}' \;
+for d in "$DROOT/sites/*/files"; do sudo find $d -type d -exec chmod ug=rwx,o= {} \; ; find $d -type f -exec chmod ug=rw,o= {} \; ; done
+</syntaxhighlight>
+The above script is explained at https://www.drupal.org/node/244924
+=== Fixing perms on your gluster mount dir in Meza ===
+The gluster mount dir contains all the images for MediaWiki.  So, perms and ownership are relevant for an Apache web directory.
+https://gist.github.com/freephile/f99274dc53deb2daa1440247665aa0e6
 == Wheel ==
@@ Line 60: / Line 81: @@
 The $USER must logout and login again to reload their group memberships. Alternatively, just issue <code>su - $USER</code> or <code>newgrp</code> (with no arguments); or start a new shell which will inherit the new group memberships.
+== See Also ==
+The linux command <code>namei</code> is very handy at showing you the directory traversal all the way to your destination to show ownership, permissions etc. Use the <code>-m</code> to show mode or <code>-l</code> to show a long listing
+<pre>
+namei -l /opt/data-meza/uploads/en/5/59/Geographylogo.png
+f: /opt/data-meza/uploads/en/5/59/Geographylogo.png
+drwxr-xr-x root         root     /
+drwxr-xr-x root         root     opt
+lrwxrwxrwx root         root     data-meza -> /mnt/volume_nyc1_01/data/data-meza
+drwxr-xr-x root         root       /
+drwxr-xr-x root         root       mnt
+drwxr-xr-x root         root       volume_nyc1_01
+drwxr-xr-x root         root       data
+drwxr-xr-x meza-ansible wheel      data-meza
+drwxrwxr-x www-data     www-data uploads
+drwxrwxr-x www-data     www-data en
+drwxrwxr-x www-data     www-data 5
+drwxrwxr-x www-data     www-data 59
+-rw-rw-r-- www-data     www-data Geographylogo.png
+</pre>
 {{References}}
+[[Category:Filesystems]]