199
194
I installed apache2 on Ubuntu just now, and noticed that the /var/www folder is protected. I can just sudo everything but I would rather just give it write access.
How can I do this?
I tried sudo chmod 7777 /var/www but it didn't work.
Carson Myers
Posted 2009-08-06T23:30:27.277
Reputation: 2 611
328
To best share with multiple users who should be able to write in /var/www, it should be assigned a common group. For example the default group for web content on Ubuntu and Debian is www-data. Make sure all the users who need write access to /var/www are in this group.
sudo usermod -a -G www-data <some_user>
Then set the correct permissions on /var/www.
sudo chgrp -R www-data /var/www
sudo chmod -R g+w /var/www
Additionally, you should make the directory and all directories below it "set GID", so that all new files and directories created under /var/www are owned by the www-data group.
sudo find /var/www -type d -exec chmod 2775 {} \;
Find all files in /var/www and add read and write permission for owner and group:
sudo find /var/www -type f -exec chmod ug+rw {} \;
You might have to log out and log back in to be able to make changes if you're editing permission for your own account.
jtimberman
Posted 2009-08-06T23:30:27.277
Reputation: 20 109
you may want to add that for changes to take effect you need to reload user group assignments, maybe a clean system restart would be better if that's convenient for you – JorgeArtware – 2014-08-21T13:35:09.647
1Why is your group permission command sudo chmod -R g+w and not g+rw or g+rwX? – detly – 2014-08-31T01:24:00.067
+1 for logout and login again; it worked just after I did that. Thanks – Filip Luchianenco – 2017-02-13T15:12:17.807
2that's pretty tedious... I can't just give users access to it, as if it were any other folder? – Carson Myers – 2009-08-07T00:21:03.993
9That is how you give access to it. It's quicker to copy and paste the commands than try to navigate through a GUI file manager's dialogs to do the same thing. Long term it helps you if you read the manual pages for chmod and chgrp, at least ("man chmod"). – jtimberman – 2009-08-07T01:33:44.023
perhaps I didn't understand the commands the first time I read it, and your edit makes it much more clear. – Carson Myers – 2009-08-07T03:39:18.217
1+1 for guid to force apache permissions. works well with umask of 027. If something needs writes access, it's as easy as chmod g+w dir/ – LiraNuna – 2009-08-07T03:47:13.130
How to make a brand new file have w permission for group? – vbarbarosh – 2019-01-23T15:00:42.350
Just wanted to chime in and say this is awesome advice that is very concise and simple to follow while explaining everything you need to know. Well said. Upvoted and starred for future use. :) – Michael B – 2012-09-19T10:09:26.063
@jtimberman The last 2 cmds looks like it should only run once. How to make it idempotent in chef? Actually I'm using these steps in chef! – Autodidact – 2012-10-19T19:21:40.877
Helped me out more than anything else I could find. Thanks. – Jim W. – 2013-08-07T22:05:06.810
34
There's a simpler way to do this, try doing this command.
sudo chmod -R 757 /var/www
Essentially, the chmod command alters permissions and the -R switch affects all users. Then it is simply giving the correct permissions to use.
Krishna Modi
Posted 2009-08-06T23:30:27.277
Reputation: 405
2sudo chmod -R 757 /var/www – Bwyss – 2016-07-28T21:39:51.947
please someone experienced suggest an edit with brief explanation about this. – Adi Prasetyo – 2018-01-07T12:49:00.117
Be careful: This really grants access to everybody on the system, which can be dangerous. (I know this is what was asked, but most of the time it is not what you really want.) – Marian – 2018-05-07T21:29:23.237
3Could you give some insight on what the command does for the OP? – n0pe – 2011-09-23T05:35:46.473
11-1 for lack of explanation. Besides, chmod $permissions -R $file isn't valid… – Blacklight Shining – 2013-01-26T16:48:59.493
1it is options then permissions not the other way around – Moataz Elmasry – 2014-01-17T13:52:30.240
30
Read+Write:
sudo chmod -R a+rw /var/www
Read+Write+Execute:
sudo chmod -R a+rwx /var/www
paivaric
Posted 2009-08-06T23:30:27.277
Reputation: 401
8
You can also replicate what jtimberman suggested using access control lists. The setfacl command accepts -s to replace an existing ACL or -m to modify it; -R to make directory ACLs recursive; and -d to make the specified settings the default, which is useful if you're anticipating forthcoming user accounts.
These just set the permissions as you would for the user, group, other, and mask using chmod:
setfacl -m u::rwx, g::r-x, o::---, m:rwx DIRECTORY
And this could be how you'd do it for a specified user or his/her group:
setfacl -m u:USERNAME:rwx, g:USERNAME:r-x DIRECTORY
And of course, the strength is that you can designate any specific user, multiple users, etc., all without having to modify your group settings. And unlike chmod, if you want some groupies to have access to one directory and other groupies to have access only to another, it's actually possible with setfacl. Finally, to view a directory's ACLs, run getfacl:
getfacl DIRECTORY
And you can specify -R to see the ACLs for subdirectories or -d to see the defaults.
Nikhil Chelliah
Posted 2009-08-06T23:30:27.277
Reputation: 1 028
3
The quick & easy answer -
a. Add (-a) your user (user_name) to the group (-G) www-data.
sudo usermod -a -G www-data user_name
b. Give the Group (g) the same (=) permissions as the owning User (u) of /var/www Recursively (-R).
sudo chmod -R g=u /var/www
Explanation: Apache 2 on Debian/Ubuntu sets the User & Group www-data as the Owner of /var/www. The default permissions for the User are "View & Modify Content", however the Group can only "View Content". So adding yourself to the www-data Group and giving it the same permissions as the wwww-data User, is a quick and easy way to get developing. I do this for all my localhost (PC/Laptop) Web Development environments.
user1138
Posted 2009-08-06T23:30:27.277
Reputation: 77
2
I typicall use
chmod g+w /folder/ -R
It's almost self-explaining.
It adds everyone in the group of /folder/ to have write access (+w) , -R is for recursion for sub-folders.
Arda
Posted 2009-08-06T23:30:27.277
Reputation: 1 291
-3
Can you just try chmod 0777 /var/www ?
A word of warning: if you let everybody access this folder, that means the hackers can access this folder if they gain access to your system. That's why it's better to create a group of permissible users, and give that group write access.
stalepretzel
Posted 2009-08-06T23:30:27.277
Reputation: 1 106
so why offer this as a solution, and then immediately discredit it? -1 vote – Tisch – 2016-08-16T12:44:10.003
-3
First you enter the particular folder path, then using this command …
chmod -R 777 foldername
chown username:username foldername
marimuthu
Posted 2009-08-06T23:30:27.277
Reputation: 3
7Wow, that's bad! You don't give a 777 with a -R -- especially if the person asking the question is a newbie and doesn't understand the risks. – recluze – 2012-03-22T07:34:31.883
True enough @recluze. – vgoff – 2012-11-12T00:44:09.087
Is this a publicly accessible server, or does it have no direct connection to the internet?
If the former it is important that you consider security decisions - servers on the internet are constantly under attack (have a look in your /var/log/messages or equivalent). – kwutchak – 2009-08-07T02:36:06.210
this is just my laptop, it is not accessible from the internet. – Carson Myers – 2009-08-07T03:31:38.293