Why did I add a user to a Linux group but they say I don't have write privileges?
I started up a server in Ubuntu to create a web service using VPS.
In this case, apart from root, we have an account called admin to work on.
I wanted to deploy on CI in GitLab, so I created a web group to take this opportunity to get around my authority.
$sudo groupadd web
And I added admin users and www-data users because I use Nginx.
$sudo usermod-aG web admin
$ sudo usermod-aG webwww-data
Finally, we changed the owner permissions of DocumentRoot.
$sudo town-Radmin:web/var/www/html/
Now that you have access to the site on the VPS,
I get an error that says I can't write a file during PHP processing.
A 500 error was returned.
So I changed my DocumentRoot access to 765.
$sudo find/var/www/html/-type d-print|xargs sudo chmod765
However, the situation remained the same.
Therefore, I changed the owner permission of DocumentRoot to www-data.
$sudo town-Rwww-data:www-data/var/www/html/
Then it worked.
うまくI want to know why it doesn't work
Why doesn't this work?
The "web" group also includes www-data users, so
I think I can read and write, but is this recognition wrong?
正常How can I make it work properly?
Both dadmin ユーザ and -www-data ユーザ users can work with this directory.
How do I get the web service to work properly?
そもそも Is this idea of building an environment correct in the first place?
I'm studying infrastructure, so I'm not familiar with it, but
Is it okay to think like this?
www-data:www-data
would work better?
I would appreciate it if you could let me know if anyone understands the above.
Thank you for your cooperation.
(1)Change user from www-data
sudo chown-Radmin:web/var/www/html/
(2)Change directory permissions to 2775
sudo find/var/www/html-type d-print | xargs sudo chmod 2775
So far, the site has been displayed, but PHPWord who creates a word file will give an error.
Unable to set visibility for file docx.{"userId":1, "exception":"[object] (League\\Flysystem\\UnableToSetVisibility (code:0):Unable to set visibility for file docx.
In order to change the permission of the file, I added the following:
find/var/www/html-type f-print | xargs chmod 664
However, the error could not be resolved, so I put it back once.
ubuntu nginx
うまくI want to know why it doesn't work
I think it's because the 775 should be the 765.
You need "x" to access the directory.
正常What should I do to make it work properly?
I think it would be good to choose admin:web775 or admin:web2775 (add directory SETGID bit).
The group of newly created files under the directory is www-data on the 775 and web on the 2775.
I usually use Apache and I have no experience with Nginx, but there are some common web servers, so I will answer them.
When a web application (= program) is called through a browser, it is not the owner of the file itself, but the process of the web server that runs the program.Similarly, when reading and writing files from a program, you must have appropriate permissions on the web server process.
The name www-data
that you have tried will be the common user/group name used to run the web server process.
(Depending on your environment, apache
, nginx
, etc.)
Both Apache and Nginx can change the actual permissions (users, groups) used in the configuration file, but it would be easier to understand if the owner (or group) below the document root should be aligned with www-data
.
Also, if you want the document root to be able to read and write files from regular users, add a user to the www-data
group.
© 2024 OneMinuteCode. All rights reserved.