Directory permissions for web server

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












1















I'm experiencing a problem having to do with permissions to a directory on my server. The file permissions initially read drwx--S--- and I was able to connect with an FTP client signed in as the directory owner and manage the directory, but when I tryed to view them from a browser I get the "Forbidden" message saying I don't have permission to view the files. I noticed if I use sudo chmod -R 644 my_directory which changes the directory's permissions to drw-r-Sr-- and then use sudo chmod g+x my_directory to change the directory's permissions to drw-r-sr--, I can read the files from any browser, but can no longer transfer or view files via FTP to that directory.










share|improve this question




























    1















    I'm experiencing a problem having to do with permissions to a directory on my server. The file permissions initially read drwx--S--- and I was able to connect with an FTP client signed in as the directory owner and manage the directory, but when I tryed to view them from a browser I get the "Forbidden" message saying I don't have permission to view the files. I noticed if I use sudo chmod -R 644 my_directory which changes the directory's permissions to drw-r-Sr-- and then use sudo chmod g+x my_directory to change the directory's permissions to drw-r-sr--, I can read the files from any browser, but can no longer transfer or view files via FTP to that directory.










    share|improve this question


























      1












      1








      1








      I'm experiencing a problem having to do with permissions to a directory on my server. The file permissions initially read drwx--S--- and I was able to connect with an FTP client signed in as the directory owner and manage the directory, but when I tryed to view them from a browser I get the "Forbidden" message saying I don't have permission to view the files. I noticed if I use sudo chmod -R 644 my_directory which changes the directory's permissions to drw-r-Sr-- and then use sudo chmod g+x my_directory to change the directory's permissions to drw-r-sr--, I can read the files from any browser, but can no longer transfer or view files via FTP to that directory.










      share|improve this question
















      I'm experiencing a problem having to do with permissions to a directory on my server. The file permissions initially read drwx--S--- and I was able to connect with an FTP client signed in as the directory owner and manage the directory, but when I tryed to view them from a browser I get the "Forbidden" message saying I don't have permission to view the files. I noticed if I use sudo chmod -R 644 my_directory which changes the directory's permissions to drw-r-Sr-- and then use sudo chmod g+x my_directory to change the directory's permissions to drw-r-sr--, I can read the files from any browser, but can no longer transfer or view files via FTP to that directory.







      ubuntu permissions






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 13 at 21:43









      Rui F Ribeiro

      39.7k1479132




      39.7k1479132










      asked Feb 27 '15 at 20:57









      RogerRoger

      61




      61




















          1 Answer
          1






          active

          oldest

          votes


















          0














          Based on your question I'm going to make an assumption. The web server process is in the same group as the group ownership of the directory.



          You removed the execute (x) bit from the directory permissions and only gave it back to the group. This means that the directory owner doesn't have execute permission and that is required to be able to change into/traverse through a directory. Using chmod -R with absolute permissions can be dangerous for this very reason. I would recommend you do the following:



          Fix your directory permissions.



          sudo find my_directory -type d -exec chmod 2750 ;


          Since you broke directory traversal you may need to execute this multiple times. If you receive any permission errors while running the above command re-run it until those errors clear.



          Fix your file permissions.



          sudo find my_directory -type f -exec chmod 0640 ;


          When this is done your directories should have the following permissions.



          drwxr-s---


          And your files should have the following permissions.



          -rwxr-x---


          If you want to better understand UNIX permissions I would recommend reading man 2 chmod. It's certainly dry reading but it explains what the meaning of each bit is.






          share|improve this answer























          • Thanks for the reply @SeeJayEmm , I want to gain a better understanding of the first two commands you suggested (to fix directory and file permissions). I read through the man chmod 2 & 1 and could not find what the accomplishes. I'm assuming this doesn't have anything to do specifically with chmod, could you shed some light on this?

            – Roger
            Feb 28 '15 at 22:04











          • You'll want to read through the -exec section of man find. For each file/directory that is found the command after -exec is executed and is replaced with the file name. ';' indicates the end of a command but since it's a special char for the shell it needs to be escaped out ';'.

            – SeeJayEmm
            Mar 2 '15 at 1:48











          • In the 1st command find is locating each directory (-type d) and executing 'chmod 2750' on it. In the 2nd command it is locating each file (-type f) and executing 'chmod 0640' on it. This is one way can use explicit permissions in chmod without screwing up the execute bit on directories.

            – SeeJayEmm
            Mar 2 '15 at 1:50










          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f187277%2fdirectory-permissions-for-web-server%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          Based on your question I'm going to make an assumption. The web server process is in the same group as the group ownership of the directory.



          You removed the execute (x) bit from the directory permissions and only gave it back to the group. This means that the directory owner doesn't have execute permission and that is required to be able to change into/traverse through a directory. Using chmod -R with absolute permissions can be dangerous for this very reason. I would recommend you do the following:



          Fix your directory permissions.



          sudo find my_directory -type d -exec chmod 2750 ;


          Since you broke directory traversal you may need to execute this multiple times. If you receive any permission errors while running the above command re-run it until those errors clear.



          Fix your file permissions.



          sudo find my_directory -type f -exec chmod 0640 ;


          When this is done your directories should have the following permissions.



          drwxr-s---


          And your files should have the following permissions.



          -rwxr-x---


          If you want to better understand UNIX permissions I would recommend reading man 2 chmod. It's certainly dry reading but it explains what the meaning of each bit is.






          share|improve this answer























          • Thanks for the reply @SeeJayEmm , I want to gain a better understanding of the first two commands you suggested (to fix directory and file permissions). I read through the man chmod 2 & 1 and could not find what the accomplishes. I'm assuming this doesn't have anything to do specifically with chmod, could you shed some light on this?

            – Roger
            Feb 28 '15 at 22:04











          • You'll want to read through the -exec section of man find. For each file/directory that is found the command after -exec is executed and is replaced with the file name. ';' indicates the end of a command but since it's a special char for the shell it needs to be escaped out ';'.

            – SeeJayEmm
            Mar 2 '15 at 1:48











          • In the 1st command find is locating each directory (-type d) and executing 'chmod 2750' on it. In the 2nd command it is locating each file (-type f) and executing 'chmod 0640' on it. This is one way can use explicit permissions in chmod without screwing up the execute bit on directories.

            – SeeJayEmm
            Mar 2 '15 at 1:50















          0














          Based on your question I'm going to make an assumption. The web server process is in the same group as the group ownership of the directory.



          You removed the execute (x) bit from the directory permissions and only gave it back to the group. This means that the directory owner doesn't have execute permission and that is required to be able to change into/traverse through a directory. Using chmod -R with absolute permissions can be dangerous for this very reason. I would recommend you do the following:



          Fix your directory permissions.



          sudo find my_directory -type d -exec chmod 2750 ;


          Since you broke directory traversal you may need to execute this multiple times. If you receive any permission errors while running the above command re-run it until those errors clear.



          Fix your file permissions.



          sudo find my_directory -type f -exec chmod 0640 ;


          When this is done your directories should have the following permissions.



          drwxr-s---


          And your files should have the following permissions.



          -rwxr-x---


          If you want to better understand UNIX permissions I would recommend reading man 2 chmod. It's certainly dry reading but it explains what the meaning of each bit is.






          share|improve this answer























          • Thanks for the reply @SeeJayEmm , I want to gain a better understanding of the first two commands you suggested (to fix directory and file permissions). I read through the man chmod 2 & 1 and could not find what the accomplishes. I'm assuming this doesn't have anything to do specifically with chmod, could you shed some light on this?

            – Roger
            Feb 28 '15 at 22:04











          • You'll want to read through the -exec section of man find. For each file/directory that is found the command after -exec is executed and is replaced with the file name. ';' indicates the end of a command but since it's a special char for the shell it needs to be escaped out ';'.

            – SeeJayEmm
            Mar 2 '15 at 1:48











          • In the 1st command find is locating each directory (-type d) and executing 'chmod 2750' on it. In the 2nd command it is locating each file (-type f) and executing 'chmod 0640' on it. This is one way can use explicit permissions in chmod without screwing up the execute bit on directories.

            – SeeJayEmm
            Mar 2 '15 at 1:50













          0












          0








          0







          Based on your question I'm going to make an assumption. The web server process is in the same group as the group ownership of the directory.



          You removed the execute (x) bit from the directory permissions and only gave it back to the group. This means that the directory owner doesn't have execute permission and that is required to be able to change into/traverse through a directory. Using chmod -R with absolute permissions can be dangerous for this very reason. I would recommend you do the following:



          Fix your directory permissions.



          sudo find my_directory -type d -exec chmod 2750 ;


          Since you broke directory traversal you may need to execute this multiple times. If you receive any permission errors while running the above command re-run it until those errors clear.



          Fix your file permissions.



          sudo find my_directory -type f -exec chmod 0640 ;


          When this is done your directories should have the following permissions.



          drwxr-s---


          And your files should have the following permissions.



          -rwxr-x---


          If you want to better understand UNIX permissions I would recommend reading man 2 chmod. It's certainly dry reading but it explains what the meaning of each bit is.






          share|improve this answer













          Based on your question I'm going to make an assumption. The web server process is in the same group as the group ownership of the directory.



          You removed the execute (x) bit from the directory permissions and only gave it back to the group. This means that the directory owner doesn't have execute permission and that is required to be able to change into/traverse through a directory. Using chmod -R with absolute permissions can be dangerous for this very reason. I would recommend you do the following:



          Fix your directory permissions.



          sudo find my_directory -type d -exec chmod 2750 ;


          Since you broke directory traversal you may need to execute this multiple times. If you receive any permission errors while running the above command re-run it until those errors clear.



          Fix your file permissions.



          sudo find my_directory -type f -exec chmod 0640 ;


          When this is done your directories should have the following permissions.



          drwxr-s---


          And your files should have the following permissions.



          -rwxr-x---


          If you want to better understand UNIX permissions I would recommend reading man 2 chmod. It's certainly dry reading but it explains what the meaning of each bit is.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Feb 27 '15 at 22:18









          SeeJayEmmSeeJayEmm

          176117




          176117












          • Thanks for the reply @SeeJayEmm , I want to gain a better understanding of the first two commands you suggested (to fix directory and file permissions). I read through the man chmod 2 & 1 and could not find what the accomplishes. I'm assuming this doesn't have anything to do specifically with chmod, could you shed some light on this?

            – Roger
            Feb 28 '15 at 22:04











          • You'll want to read through the -exec section of man find. For each file/directory that is found the command after -exec is executed and is replaced with the file name. ';' indicates the end of a command but since it's a special char for the shell it needs to be escaped out ';'.

            – SeeJayEmm
            Mar 2 '15 at 1:48











          • In the 1st command find is locating each directory (-type d) and executing 'chmod 2750' on it. In the 2nd command it is locating each file (-type f) and executing 'chmod 0640' on it. This is one way can use explicit permissions in chmod without screwing up the execute bit on directories.

            – SeeJayEmm
            Mar 2 '15 at 1:50

















          • Thanks for the reply @SeeJayEmm , I want to gain a better understanding of the first two commands you suggested (to fix directory and file permissions). I read through the man chmod 2 & 1 and could not find what the accomplishes. I'm assuming this doesn't have anything to do specifically with chmod, could you shed some light on this?

            – Roger
            Feb 28 '15 at 22:04











          • You'll want to read through the -exec section of man find. For each file/directory that is found the command after -exec is executed and is replaced with the file name. ';' indicates the end of a command but since it's a special char for the shell it needs to be escaped out ';'.

            – SeeJayEmm
            Mar 2 '15 at 1:48











          • In the 1st command find is locating each directory (-type d) and executing 'chmod 2750' on it. In the 2nd command it is locating each file (-type f) and executing 'chmod 0640' on it. This is one way can use explicit permissions in chmod without screwing up the execute bit on directories.

            – SeeJayEmm
            Mar 2 '15 at 1:50
















          Thanks for the reply @SeeJayEmm , I want to gain a better understanding of the first two commands you suggested (to fix directory and file permissions). I read through the man chmod 2 & 1 and could not find what the accomplishes. I'm assuming this doesn't have anything to do specifically with chmod, could you shed some light on this?

          – Roger
          Feb 28 '15 at 22:04





          Thanks for the reply @SeeJayEmm , I want to gain a better understanding of the first two commands you suggested (to fix directory and file permissions). I read through the man chmod 2 & 1 and could not find what the accomplishes. I'm assuming this doesn't have anything to do specifically with chmod, could you shed some light on this?

          – Roger
          Feb 28 '15 at 22:04













          You'll want to read through the -exec section of man find. For each file/directory that is found the command after -exec is executed and is replaced with the file name. ';' indicates the end of a command but since it's a special char for the shell it needs to be escaped out ';'.

          – SeeJayEmm
          Mar 2 '15 at 1:48





          You'll want to read through the -exec section of man find. For each file/directory that is found the command after -exec is executed and is replaced with the file name. ';' indicates the end of a command but since it's a special char for the shell it needs to be escaped out ';'.

          – SeeJayEmm
          Mar 2 '15 at 1:48













          In the 1st command find is locating each directory (-type d) and executing 'chmod 2750' on it. In the 2nd command it is locating each file (-type f) and executing 'chmod 0640' on it. This is one way can use explicit permissions in chmod without screwing up the execute bit on directories.

          – SeeJayEmm
          Mar 2 '15 at 1:50





          In the 1st command find is locating each directory (-type d) and executing 'chmod 2750' on it. In the 2nd command it is locating each file (-type f) and executing 'chmod 0640' on it. This is one way can use explicit permissions in chmod without screwing up the execute bit on directories.

          – SeeJayEmm
          Mar 2 '15 at 1:50

















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Unix & Linux Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f187277%2fdirectory-permissions-for-web-server%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown






          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?