Permissions: Difference between revisions
m added Category:Filesystems using HotCat |
m Text replacement - "<(\/?)source" to "<$1syntaxhighlight" |
| (5 intermediate revisions by 2 users not shown) | |||
| Line 11: | Line 11: | ||
=== Implementation Details === | === Implementation Details === | ||
< | <syntaxhighlight lang="bash"> | ||
# set groups and memberships | # set groups and memberships | ||
sudo groupadd developers | sudo groupadd developers | ||
| Line 28: | Line 28: | ||
# restart apache so that it gets it's new group membership | # restart apache so that it gets it's new group membership | ||
sudo apache2ctl restart | sudo apache2ctl restart | ||
</ | </syntaxhighlight> | ||
== Fixing Permissions == | == Fixing Permissions == | ||
< | <syntaxhighlight lang="bash"> | ||
# find files that are executable and remove the execute bit | # find files that are executable and remove the execute bit | ||
sudo find . -type f -perm -ugo=x -ls -exec chmod a-x {} \; | sudo find . -type f -perm -ugo=x -ls -exec chmod a-x {} \; | ||
# find files that are not owned by www-data | |||
find ./ -type f ! -user www-data | |||
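Review bot: The added <code>find ./ -type f ! -user www-data</code> runs without <code>sudo</code>, unlike the other <code>find</code> commands in this block, so any directory the current user cannot read is skipped with a "Permission denied" message and the files under it go unreported. Suggest <code>sudo find . -type f ! -user www-data -ls</code> to match the neighbouring lines. In the context line above it, <code>-perm -ugo=x</code> only matches files that have the execute bit set for user, group and other all at once; <code>-perm /ugo=x</code> matches a file executable by any of them, which is what the comment describes. The comment "it's new group membership" should read "its".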
| Line 49: | Line 52: | ||
# find directories without the group sticky bit set | # find directories without the group sticky bit set | ||
sudo find . -type d ! -perm -g=s -ls | sudo find . -type d ! -perm -g=s -ls | ||
</ | </syntaxhighlight> | ||
=== Fix permissions on your Drupal site === | |||
<syntaxhighlight lang="bash"> | |||
DROOT='/var/www/example.com/www/drupal' | |||
USER=greg | |||
WEBGROUP=www-data | |||
sudo chown -R $USER:$WEBGROUP $DROOT/ | |||
sudo find $DROOT/ -type d -exec chmod u=rwx,g=rx,o= '{}' \; | |||
sudo find $DROOT/ -type f -exec chmod u=rw,g=r,o= '{}' \; | |||
sudo find $DROOT/sites -type d -name files -exec chmod ug=rwx,o= '{}' \; | |||
for d in "$DROOT/sites/*/files"; do sudo find $d -type d -exec chmod ug=rwx,o= {} \; ; find $d -type f -exec chmod ug=rw,o= {} \; ; done | |||
</syntaxhighlight> | |||
The above script is explained at https://www.drupal.org/node/244924 | |||
=== Fixing perms on your gluster mount dir in Meza === | |||
The gluster mount dir contains all the images for MediaWiki. So, perms and ownership are relevant for an Apache web directory. | |||
https://gist.github.com/freephile/f99274dc53deb2daa1440247665aa0e6 | |||
== Wheel == | == Wheel == | ||
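Review bot: In the <code>for</code> line of the Drupal script the glob sits inside double quotes (<code>"$DROOT/sites/*/files"</code>), so the loop runs once with the literal pattern and only works because the unquoted <code>$d</code> is expanded later; any path containing whitespace breaks it. Move the <code>*</code> outside the quotes (<code>"$DROOT"/sites/*/files</code>) and quote <code>"$d"</code> and <code>"$DROOT"</code> throughout. On the same line the second <code>find $d -type f -exec chmod ug=rw,o= {} \;</code> has no <code>sudo</code>, unlike the first, so it only succeeds when the caller already owns the files. Assigning <code>USER=greg</code> also overwrites the shell's own <code>USER</code> variable; a different name (for example <code>OWNER</code>) avoids that. The Meza subsection ends in a bare gist link with no description of what the script changes, so a reader cannot tell which ownership and modes it applies without leaving the page.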
| Line 62: | Line 81: | ||
The $USER must logout and login again to reload their group memberships. Alternatively, just issue <code>su - $USER</code> or <code>newgrp</code> (with no arguments); or start a new shell which will inherit the new group memberships. | The $USER must logout and login again to reload their group memberships. Alternatively, just issue <code>su - $USER</code> or <code>newgrp</code> (with no arguments); or start a new shell which will inherit the new group memberships. | ||
== See Also == | |||
The linux command <code>namei</code> is very handy at showing you the directory traversal all the way to your destination to show ownership, permissions etc. Use the <code>-m</code> to show mode or <code>-l</code> to show a long listing | |||
<pre> | |||
namei -l /opt/data-meza/uploads/en/5/59/Geographylogo.png | |||
f: /opt/data-meza/uploads/en/5/59/Geographylogo.png | |||
drwxr-xr-x root root / | |||
drwxr-xr-x root root opt | |||
lrwxrwxrwx root root data-meza -> /mnt/volume_nyc1_01/data/data-meza | |||
drwxr-xr-x root root / | |||
drwxr-xr-x root root mnt | |||
drwxr-xr-x root root volume_nyc1_01 | |||
drwxr-xr-x root root data | |||
drwxr-xr-x meza-ansible wheel data-meza | |||
drwxrwxr-x www-data www-data uploads | |||
drwxrwxr-x www-data www-data en | |||
drwxrwxr-x www-data www-data 5 | |||
drwxrwxr-x www-data www-data 59 | |||
-rw-rw-r-- www-data www-data Geographylogo.png | |||
</pre> | |||
{{References}} | {{References}} | ||
[[Category:Filesystems]] | [[Category:Filesystems]] | ||
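Review bot: The new "See Also" section holds a how-to for <code>namei</code> rather than links, and its sentence is missing a word and its closing period: "Use the <code>-m</code> to show mode" should read "Use the <code>-m</code> option to show mode", and "linux" should be capitalized. In the <code>&lt;pre&gt;</code> block the command and its output run together; a prompt marker on the first line would separate what is typed from what is printed.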