Truecrypt & apache, how to manage the file permission?

Question

I'm on Ubuntu. I use a truecrypt container to store all my working files. My apache server run with the user www-data ( the default setting ).

When I mount the container using truecrypt, all my file are owned by fmaz:fmaz. So when my PHP code try to do a chmod(), it fail -- permission denied.

So I've tried to mount the truecrypt volume like so:

truecrypt --auto-mount=devices --fs-options="uid=33,gid=1000"

as well as:

truecrypt --auto-mount=devices --fs-options="uid=1000,gid=33"

When doing a ls -la on the folder, I can see that the owning is valid ( www-data:fmaz or fmaz:www-data ) But the group doesn't seem to be taken into account.

fmaz:www-data
I can access my file, but apache/php can't work with them.

www-data:fmaz
Apache and PHP are happy, everything work fine, but I cannot access to my own files:

fmaz@fmaz-laptop:/$ cd media/truecrypt1/
bash: cd: media/truecrypt1/: Permission non accordée

But as you can see:

sudo ls -la media/truecrypt1/
total 31448
drwx------ 14 www-data fmaz     8192 1969-12-31 19:00 .
drwxr-xr-x  5 root     root     4096 2011-12-03 11:10 ..
-rwx------  1 www-data fmaz  3353256 2009-11-18 21:19 7nuj21us.exe
...

How can I configure the setup to be able to have full access to the file for Apache as well as myself ?

Answer 1

You can chown the files/folders to fmaz:www-data.

Then, you need to add the read permission to group using chmod g+r (files) and chmod g+rx (folders).

If your PHP code requires modifying some directory/filer, you need to use chmod g+wr.

This is just one way of doing it.

Answer 2

Solved this problem adding needed umask. I use truecrypt 7.1 with gui, so i went

settings->preferences->mount options

uid=www-data,gid=user,umask=007

it mounts volume with drwx-rwx----

just what i needed for my apache running inside truecrypt