July 6, 2021
Ubuntu user group shows
groups
To confirm the users’ group membership, enter the following command for each user:
groups <username>
Put the Magento file system owner in the web server’s group
To put the Magento file system owner in the web server’s primary group (assuming the typical Apache group name for CentOS and Ubuntu), enter the following command as a user with root privileges:
For example, to add the user magento_user to the apache primary group on CentOS:
usermod -g apache magento_user
To confirm your Magento user is a member of the web server group, enter the following command:
groups <user name>
A sample result follows:
magento_user : apache
To complete the task, restart the web server:
http://fideloper.com/user-group-permissions-chmod-apache
I’ve been scouring the internet for good information on setting up user and group permissions for Apache. I’ll link some resources on the bottom here, but here’s what I found:
There are three sets of permissions to worry about with any directory/file:
Correspondingly, users have a username (unique to each user). Users can also be part of a group – In fact, multiple users can be part of the same group.
Note: The chmod command can accept numeric integers, such as 0664, which relate to user permissions. See this to help create these, if you wish
I will cover using chmod. Chmod is used to modify the permissions of a directory or file.
chmod -flags permissions /path/to/dir/or/file
-R
chmod -R … will recursively go through the directory provided and change all file/directory permissions as specified.
You can define for whom the permissions you are setting apply with these:
You can add or remove permissions using these:
You can set these permissions:
We need to set the owner/group of the web root (and any directories/files therein):
$ sudo chown -R www-data:www-data /var/www
We need to set up the proper permissions for users and groups. We do some blanket commands restricting access, and then open access up as much as we need to.
To start, make it so no one but the current user (www-data) can access the web-root content. We use ‘go’, meaning apply to ‘group’ and ‘other’. We use ‘-’, which means remove permissions. We use ‘rwx’ to remove read, write and execute permissions.
$ chmod go-rwx /var/www
Next, allow users of the same group (and ‘other’) to enter the /var/www directory. This is not done recursively. Once again, we use ‘group’ and ‘other’ but we use ‘+’ to allow the execute (‘x’) permission.
$ chmod go+x /var/www
Next, change all directories and files in the web root to the same group (www-data) – just in case there are files in there currently:
$ chgrp -R www-data /var/www
Next, let’s do another “reset” of sorts – Make it so only the user can access web content:
$ chmod -R go-rwx /var/www
And finally, make it so anyone in the same group can read/write and execute directories/files in the web root.
$ chmod -R g+rx /var/www
I actually give group write permissions as well, for users who need to modify content, such as users used to deploy code. That looks like this:
$ chmod -R g+rwx /var/www
Often going through all of these steps isn’t necessary, but this is a useful exercise to see how these commands work!
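The chmod sequence above replayed on a scratch directory, printing the modes it leaves behind; this is an added example, not part of the original post. The directory layout, file names and helper functions are constructed for illustration, and the g+rX variant is an addition beyond the post: capital X grants execute only to directories and to files that already have an execute bit.

```shell
#!/bin/sh
# Added example: replays the chmod steps above on a scratch tree (no root needed).
# Paths and file names are constructed; the chown/chgrp steps are left out
# because they need root and do not change the mode bits.

mode_of() {                 # 10-character mode string, e.g. drwxr-x---
    ls -ld "$1" | cut -c1-10
}

make_tree() {               # constructed stand-in for /var/www with known modes
    root=$(mktemp -d) || return 1
    mkdir -p "$root/app"
    printf '<?php // constructed sample\n' > "$root/app/index.php"
    chmod 755 "$root" "$root/app"
    chmod 644 "$root/app/index.php"
    printf '%s\n' "$root"
}

apply_steps() {             # $1 = web root, $2 = group bits to grant (rx, rwx, rX)
    chmod go-rwx "$1"       # only the owner may access the root
    chmod go+x "$1"         # group and other may enter the root
    chmod -R go-rwx "$1"    # recursive reset (this also clears the go+x above)
    chmod -R "g+$2" "$1"    # open the tree to the group
}

run_demo() {                # prints modes of: root, subdirectory, file
    t=$(make_tree) || return 1
    apply_steps "$t" "$1"
    printf '%s %s %s\n' "$(mode_of "$t")" "$(mode_of "$t/app")" \
        "$(mode_of "$t/app/index.php")"
    rm -rf "$t"
}

for bits in rx rwx rX; do
    printf 'g+%-3s -> %s\n' "$bits" "$(run_demo "$bits")"
done
```

With g+rx or g+rwx the regular file ends up group-executable, and ‘other’ can no longer enter the root because the recursive reset removes the earlier go+x.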