3

I am sure this has been asked before a number of times but I could not get a decent guide to file/folder permissions for Linux.

What I want is to set up an nginx/apache server with PHP and an FTP server like vsftpd. The problem I usually get is that the web server cannot read a file when it is uploaded through the FTP account, or I can't upload things to the server at all. My PHP script also needs to run a command line tool and hence would require proper permissions to be run through the server. I got around all these by trying chmodding or chowning but I still don't feel confident about having a secure setup.

Is there any tutorial/book available which can help me learn the concepts properly in a practical way?

Abhinav
  • Are you seriously suggesting that you haven't been able to find one suitable reference amongst the 10 gazillion available on the Internet? – John Gardeniers Mar 20 '11 at 10:37
  • I have found the 10 gazillion resources. I wanted one which the knowledgeable serverfault community thinks is good. Sorry for wasting your time. – Abhinav Mar 20 '11 at 11:07

3 Answers

2

There are huge amounts of information available at your closest search engine. The Filesystem permissions article is quite good.

You'll also find useful information in this question: What User Should NGinx and PHP be running as?.

Two articles that look interesting:

http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html

http://crunchtools.com/unixlinux-filesystem-permissions-101/

Mat
2

I found the best way to solve this problem is with POSIX ACLs. Typically these four commands will give you what you want.

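# "apache" is the web server account; "user" stands for the FTP account name.
# The explicit u: prefix marks each entry as a named-user ACL entry.
setfacl -Rdm u:apache:rwx my/dir
setfacl -Rm u:apache:rwx my/dir
setfacl -Rdm u:user:rwx my/dir
setfacl -Rm u:user:rwx my/dir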

This sets up an ACL which will permit both user "user" and user "apache" the same level of access regardless of what standard file permissions say. In addition, new files and directories created in this directory will inherit the same permissions.

Matthew Ife
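A stricter variant of the ACL approach in the answer above, as an added example that is not part of the original answer: the FTP account may write, the web server account may only read and traverse, and an audit over `getfacl -R` output lists paths where the web server can still write. The account names "apache" and "user" and the path my/dir follow the answer; the "uploads" subdirectory and the getfacl sample are constructed for illustration.

```shell
# Added example, not from the answer. Assumed: web account "apache", FTP
# account "user", document root "my/dir"; "uploads" is hypothetical.

# Emit a least-privilege variant of the answer's commands. X grants execute
# only on directories and on files that are already executable.
acl_plan() {
    docroot=$1; web=$2; ftp=$3; uploads=$4
    for spec in "u:$ftp:rwX" "u:$web:rX"; do
        echo "setfacl -R -m $spec $docroot"     # existing files and directories
        echo "setfacl -R -d -m $spec $docroot"  # default ACL, inherited by new entries
    done
    [ -n "$uploads" ] || return 0
    # The web server may write only where PHP must store files.
    echo "setfacl -R -m u:$web:rwX $docroot/$uploads"
    echo "setfacl -R -d -m u:$web:rwX $docroot/$uploads"
}

# Read `getfacl -R` output on stdin and print each path outside $2 where the
# named user $1 holds write access (access or default entry, after the mask).
audit_web_write() {
    awk -v web="$1" -v ok="$2" '
        /^# file: / { path = substr($0, 9); next }
        {
            line = $0; sub(/^default:/, "", line)
            split(line, f, ":")
            if (f[1] != "user" || f[2] != web) next
            perms = substr(f[3], 1, 3)
            if (match($0, /#effective:/)) perms = substr($0, RSTART + 11, 3)
            if (ok != "" && (path == ok || index(path, ok "/") == 1)) next
            if (perms ~ /w/ && path != last) { print path; last = path }
        }'
}

# Constructed getfacl output for four paths (not taken from a real system).
sample_getfacl() {
    cat <<'EOF'
# file: my/dir
user::rwx
user:apache:r-x
default:user:apache:r-x
# file: my/dir/config.php
user:apache:rw-
# file: my/dir/cache.php
user:apache:rwx  #effective:r--
# file: my/dir/uploads
user:apache:rwx
default:user:apache:rwx
EOF
}
```

On a real tree, review the output of `acl_plan my/dir apache user uploads` before running it, then check the result with `getfacl -R my/dir | audit_web_write apache my/dir/uploads`.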
0

If you don't care about access from one site's PHP to another site's PHP files, you can use virtual FTP users which are all mapped to apache's user, with all document_roots also owned by the apache user.

Dmytro Leonenko