Permissions: Why do I always have to type 'sudo' before every command?

2

I'm editing theme files in a wordpress site owned by www-data:www-data as my main user 'oma'. Every time I create a file or edit one, I have to use the sudo command and it gets created as root:root. Actually, I pretty much have to use it everywhere. Big pain, as I invariably forget to type this and then my changes aren't saved.

What I'd like is for it to be created as www-data:www-data. I'm even confused as to why I'm being prompted for this, I thought when I added myself to the 'admin' and 'wheel' group in /etc/sudoers.d/oma I would have more privileges.

UNIX permissions just plain boggle my mind. Any help would be much appreciated.

manafire

Posted 2011-08-04T19:37:42.367

Reputation: 173

Answers

2

  • Adding yourself to wheel gives you the ability to use sudo.

  • If you're a user, you typically can't modify another user's files or create new files in a directory owned by them. If you want to do this, change the permissions on the files/directories you want to be open, using chmod:

    chmod a+rw somename will give readwrite permissions to all users on the file named somename

  • You can sudo to "www-data" rather than to "root" if you want:

    sudo -u www-data whatever

    If you have su on your machine you can switch to another user at the shell:

    su www-data

  • You can change ownership of files using chown but don't do this since your web server user probably won't be able to read other users' files.

Brian Gordon

Posted 2011-08-04T19:37:42.367

Reputation: 228

BTW, su is installed on most systems. You really just need to give root a password in order to use su to switch to root. That is done with sudo passwd. – krowe – 2014-10-07T01:39:53.630

0

Odds are good you're having trouble because the folder is already owned by root, so you can't modify the contents. If that's the case, you probably want to change the permissions on the whole tree: sudo chown -R www-data:www-data site-directory. You may need to mess with your Apache config subsequently, to make sure Apache still has the ability to access and read these files.

All adding things to your sudoers file does is give you more capabilities with the sudo command. However, you may be able to placate yourself by adding a NOPASSWD flag in /etc/sudoers, like so:

%www-data  ALL=(ALL) NOPASSWD: ALL

You'll still need to use sudo, but it won't prompt you for a password. Beware the security implications of doing this, since everyone in the www-data group will thereafter be able to completely hose your machine.

You may want to search out a tutorial on Unix file permissions. They're complex at first, but after you get the hang of them they're quite simple and powerful. I found this one with a quick googling.

Daniel Lyons

Posted 2011-08-04T19:37:42.367

Reputation: 101

Other options (security implication discalimer...) are to use sudo su or sudo -i to get an interactive root shell. – Joe Internet – 2011-08-04T20:37:12.153

Asked: 2011-08-04T19:37:42.367

Viewed: 2 762 times

Active: 2013-03-24T10:33:26.633