
Group permissions [solved]


Guest Mik

Different - but similar - problem so I thought I'd reuse this thread rather than start a whole new one :)

 

I have a user account 'webdev' that I use mainly for (can you guess?) web development. I have set up VNCSERVER so I can remote in when required but generally everything is done through Dreamweaver running on an XP box.

 

In the Mandrakelinux Users Management Tool 0.92 I have edited user webdev to be a member of the apache group. The 'primary group' is webdev but there is a drop down box where I could select apache if I wanted.

 

Problem is when I go to a directory owned by apache, eg /var/www/, all I see is icons with little padlocks on 'em that I can't access.

 

When logged in as webdev, if I open a console and type 'groups' all it lists is webdev - not a sign of apache.

 

My understanding was that if you added yourself to a group you inherited the group's permissions so I would expect to see a) apache appearing in my groups list and b) to have access to files owned by apache.

 

Since this appears not to be the case I assume that either groups are broken or I'm not configuring them properly.

 

my /etc/group file contains the following entries:

 

apache:x:72:webdev

webdev:x:501:

 

Any ideas anyone as this is confusing the heck out of me!

 

Mik


i'm in a hurry so i am not sure if i understood all of the issues in this problem (maybe i should shut up now but my better judgement is sleeping at the moment :lol2:).

 

in arch i was driven nuts by not having access to the audio group even if my user is already added (based on the /etc/groups file). then i found in the arch wiki that i can use gpasswd to add my user to the audio group. maybe you can use this in your scenario too.

 

if not then you can regard this post as mere gibberish. :)

 

ciao!


You got confused because there's an "apache" user, AND an "apache" group. Adding yourself to the apache group is the right thing to do, but:

- this will only allow you to see files from the "apache" group, not from the "apache" user;

- by default, new files you create will be of your main group, not "apache", and thus Apache (and other users of the "apache" group) can't read/write (depends on default permissions) them.

 

Assuming /var/www is your HTTP ROOT, here is the solution:

# cd /var/www
# chgrp -R apache .
# chmod -R g+rw,o= .
# find . -type d -exec chmod g+xs {} \;

From now on:

- User and group(=apache) have exactly the same rights on /var/www: read: yes, write: yes, go into directories: yes.

- Others have no rights.

- the 's' bit is set on every directory's group permissions, so that all files created inside have the same group, namely "apache".

 

It only remains to ensure that all NEW files created have the same group permissions as the files that are already there. The solution to that is to set the umask. So for example in webdev's .bashrc file, add:

umask 0007

This means that ('0') you won't keep extra bits from being set (eg u+s, g+s, o+t), ('0') default user permissions are rw for files and rwx for dirs, ('0') default group permissions are rw for files and rwx for dirs, and ('7') default "other" permissions are nothing.

 

Yves.
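
An added example, not part of Yves's post: a small audit that reports every path under a web root that deviates from the layout his steps produce (expected group, group rw, nothing for others, g+xs on directories), which also shows what a file created without `umask 0007` looks like. The function names `apply_layout` and `audit_tree` are hypothetical, and the demo uses a constructed scratch tree with the caller's primary group standing in for "apache" so it runs without root.

```shell
#!/bin/sh
# Added example; apply_layout and audit_tree are hypothetical names.

# apply_layout DIR GROUP: the chgrp/chmod/find steps from the post, parameterized.
apply_layout() {
    chgrp -R "$2" "$1" &&
    chmod -R g+rw,o= "$1" &&
    find "$1" -type d -exec chmod g+xs {} \;
}

# audit_tree DIR GROUP: print one line per path that deviates from that
# layout; prints nothing when the tree is clean. Symlinks are skipped
# because their own mode bits are not used for access checks.
audit_tree() {
    find "$1" ! -type l ! -group "$2" | sed 's/^/wrong-group /'
    find "$1" ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) |
        sed 's/^/other-access /'
    find "$1" ! -type l ! -perm -060 | sed 's/^/group-not-rw /'
    find "$1" -type d ! -perm -2010 | sed 's/^/dir-no-g+xs /'
}

# Constructed demo in a scratch directory (sample tree, not real data).
demo() {
    scratch=$(mktemp -d) || return 1
    gid=$(id -g)                      # stand-in for the "apache" group
    mkdir -p "$scratch/www/img" && : > "$scratch/www/index.html"
    chmod 755 "$scratch/www" "$scratch/www/img"
    chmod 644 "$scratch/www/index.html"
    echo "before:"; audit_tree "$scratch/www" "$gid"
    apply_layout "$scratch/www" "$gid"
    ( umask 0007; : > "$scratch/www/ok.html" )     # created as rw-rw----
    ( umask 0022; : > "$scratch/www/leaky.html" )  # created as rw-r--r--
    echo "after:"; audit_tree "$scratch/www" "$gid"
    rm -rf "$scratch"
}
demo
```

The "after" output lists only `leaky.html`, once for world-readable access and once for missing group write, which is the drift the umask line in `.bashrc` prevents.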


I can't pretend to completely follow theYinYeti's instructions but they appear to have done the trick. :thanks:

 

Another thing that I (perhaps) hadn't taken into account was the need to restart the box - or at the very least one of the services - for the groups to take effect, eg when from a user console I typed groups all I got was webdev and after a reboot the same command returned webdev apache etc....

 

I'm slowly getting to grips with this stuff but many thanks for bailing me out so far!

 

Mik
