How can permissions be established without conflicts between users and groups?


I'm having trouble finding a balance between the owner and group permissions of directories and files.

As development of the application progresses, the number of processes involved increases, and each of them runs with a different owner and group.

The problem that I find is the following:

I give these directories as an example.

drwxr-xr-x  7 www-data www-data cache/
drwxr-xr-x 10 www-data www-data log/
drwx------  2 www-data www-data sessions/

Occasionally, the user ubuntu has to perform some operation on the files contained in these directories, for example log/, with the consequent, logical error, because it is neither the owner nor a member of the group.

As a test, I added user ubuntu to group www-data.

When it is the user ubuntu who creates the log file first, the following happens:

drwxrwxr-x 10 www-data www-data log/
├── -rw-rw-r--  1 www-data www-data log.error.20170315.log
├── -rw-rw-r--  1 www-data www-data log.error.20170322.log
└── -rw-rw-r--  1 ubuntu ubuntu log.error.20170327.log

The log file is created with user and group ubuntu. If the user www-data then wants to edit that same file, it gives errors again.

My question then is:

How can you establish permissions between users and groups without generating these types of conflicts?

asked by OscarR 27.03.2017 at 13:09

2 answers


Hi. In cases similar to yours, when I want several users belonging to a group, for example www-data, to be able to read and write to a directory, and I want files or directories created there to belong to the group www-data by default, what I do is activate the SGID of the directory, like this:

chmod g+s log

With this, all the files or directories created within log are assigned the group of the directory log.

I hope it helps.

answered by 27.03.2017 / 15:13
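
An added example (not part of either answer) showing what the SGID approach covers and what it leaves open: the setgid bit fixes the group of new files, while each writer's umask still decides whether the group can write to them. The scratch directory, file names and helper functions are constructed for illustration, and Linux semantics are assumed.

```shell
#!/bin/sh
# Added example. Constructed scratch tree; assumes Linux semantics.

mode_of() { ls -ld "$1" | cut -c1-10; }          # e.g. drwxrwsr-x
gid_of()  { ls -ldn "$1" | awk '{print $4}'; }   # numeric group id

# Shared directory: rwx for the group, plus setgid only (g+s, not u+s).
make_shared_dir() {
    mkdir -p "$1" && chmod 775 "$1" && chmod g+s "$1"
}

# Create empty file $2 in directory $1 under umask $3 (subshell keeps the umask local).
create_with_umask() {
    ( umask "$3" && : > "$1/$2" )
}

# True when the group write bit is set on $1.
group_writable() {
    case "$(mode_of "$1")" in
        ?????w????) return 0 ;;
        *) return 1 ;;
    esac
}

demo() {
    root=$(mktemp -d) || return 1
    make_shared_dir "$root/log"
    create_with_umask "$root/log" strict.log 022   # typical daemon umask
    create_with_umask "$root/log" shared.log 002   # group-friendly umask
    ( umask 002 && mkdir "$root/log/archive" )     # subdirectory inherits g+s on Linux
    for p in log log/strict.log log/shared.log log/archive; do
        printf '%s gid=%s %s\n' "$(mode_of "$root/$p")" "$(gid_of "$root/$p")" "$p"
    done
    rm -rf "$root"
}

demo
```

Both files end up in the directory's group, but only the one created under umask 002 is group-writable, so the umask has to be set for every process that writes into the directory, the web server included.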

Permissions work hierarchically. In this case, if you want user www-data to modify log, why not create it with that user, if user ubuntu is in group www-data? That would be the simplest solution.

If you do not want to, the file log can have owner ubuntu and group owner www-data, which is another solution for user www-data to access it.

answered by 27.03.2017 at 14:23