Directory permissions for web server
Clash Royale CLAN TAG#URR8PPP
I'm experiencing a problem having to do with permissions to a directory on my server. The file permissions initially read drwx--S--- and I was able to connect with an FTP client signed in as the directory owner and manage the directory, but when I tryed to view them from a browser I get the "Forbidden" message saying I don't have permission to view the files. I noticed if I use sudo chmod -R 644 my_directory which changes the directory's permissions to drw-r-Sr-- and then use sudo chmod g+x my_directory to change the directory's permissions to drw-r-sr--, I can read the files from any browser, but can no longer transfer or view files via FTP to that directory.
ubuntu permissions
edited Jan 13 at 21:43
Rui F Ribeiro
39.7k1479132
asked Feb 27 '15 at 20:57
RogerRoger
61
add a comment |
I'm experiencing a problem having to do with permissions to a directory on my server. The file permissions initially read drwx--S--- and I was able to connect with an FTP client signed in as the directory owner and manage the directory, but when I tryed to view them from a browser I get the "Forbidden" message saying I don't have permission to view the files. I noticed if I use sudo chmod -R 644 my_directory which changes the directory's permissions to drw-r-Sr-- and then use sudo chmod g+x my_directory to change the directory's permissions to drw-r-sr--, I can read the files from any browser, but can no longer transfer or view files via FTP to that directory.
ubuntu permissions
edited Jan 13 at 21:43
Rui F Ribeiro
39.7k1479132
asked Feb 27 '15 at 20:57
RogerRoger
61
add a comment |
I'm experiencing a problem having to do with permissions to a directory on my server. The file permissions initially read drwx--S--- and I was able to connect with an FTP client signed in as the directory owner and manage the directory, but when I tryed to view them from a browser I get the "Forbidden" message saying I don't have permission to view the files. I noticed if I use sudo chmod -R 644 my_directory which changes the directory's permissions to drw-r-Sr-- and then use sudo chmod g+x my_directory to change the directory's permissions to drw-r-sr--, I can read the files from any browser, but can no longer transfer or view files via FTP to that directory.
ubuntu permissions
edited Jan 13 at 21:43
Rui F Ribeiro
39.7k1479132
asked Feb 27 '15 at 20:57
RogerRoger
61
I'm experiencing a problem having to do with permissions to a directory on my server. The file permissions initially read drwx--S--- and I was able to connect with an FTP client signed in as the directory owner and manage the directory, but when I tryed to view them from a browser I get the "Forbidden" message saying I don't have permission to view the files. I noticed if I use sudo chmod -R 644 my_directory which changes the directory's permissions to drw-r-Sr-- and then use sudo chmod g+x my_directory to change the directory's permissions to drw-r-sr--, I can read the files from any browser, but can no longer transfer or view files via FTP to that directory.
ubuntu permissions
ubuntu permissions
edited Jan 13 at 21:43
Rui F Ribeiro
39.7k1479132
asked Feb 27 '15 at 20:57
RogerRoger
61
edited Jan 13 at 21:43
Rui F Ribeiro
39.7k1479132
asked Feb 27 '15 at 20:57
RogerRoger
61
edited Jan 13 at 21:43
Rui F Ribeiro
39.7k1479132
edited Jan 13 at 21:43
Rui F Ribeiro
39.7k1479132
edited Jan 13 at 21:43
Rui F Ribeiro
39.7k1479132
39.7k1479132
asked Feb 27 '15 at 20:57
RogerRoger
61
asked Feb 27 '15 at 20:57
RogerRoger
61
asked Feb 27 '15 at 20:57
RogerRoger
61
61
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Based on your question I'm going to make an assumption. The web server process is in the same group as the group ownership of the directory.
You removed the execute (x) bit from the directory permissions and only gave it back to the group. This means that the directory owner doesn't have execute permission and that is required to be able to change into/traverse through a directory. Using chmod -R with absolute permissions can be dangerous for this very reason. I would recommend you do the following:
Fix your directory permissions.
sudo find my_directory -type d -exec chmod 2750 ;
Since you broke directory traversal you may need to execute this multiple times. If you receive any permission errors while running the above command re-run it until those errors clear.
Fix your file permissions.
sudo find my_directory -type f -exec chmod 0640 ;
When this is done your directories should have the following permissions.
drwxr-s---
And your files should have the following permissions.
-rwxr-x---
If you want to better understand UNIX permissions I would recommend reading man 2 chmod. It's certainly dry reading but it explains what the meaning of each bit is.
answered Feb 27 '15 at 22:18
SeeJayEmmSeeJayEmm
176117
Thanks for the reply @SeeJayEmm , I want to gain a better understanding of the first two commands you suggested (to fix directory and file permissions). I read through the man chmod 2 & 1 and could not find what theaccomplishes. I'm assuming this doesn't have anything to do specifically withchmod, could you shed some light on this?
– Roger
Feb 28 '15 at 22:04
You'll want to read through the -exec section of man find. For each file/directory that is found the command after -exec is executed and is replaced with the file name. ';' indicates the end of a command but since it's a special char for the shell it needs to be escaped out ';'.
– SeeJayEmm
Mar 2 '15 at 1:48
In the 1st command find is locating each directory (-type d) and executing 'chmod 2750' on it. In the 2nd command it is locating each file (-type f) and executing 'chmod 0640' on it. This is one way can use explicit permissions in chmod without screwing up the execute bit on directories.
– SeeJayEmm
Mar 2 '15 at 1:50
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f187277%2fdirectory-permissions-for-web-server%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Based on your question I'm going to make an assumption. The web server process is in the same group as the group ownership of the directory.
You removed the execute (x) bit from the directory permissions and only gave it back to the group. This means that the directory owner doesn't have execute permission and that is required to be able to change into/traverse through a directory. Using chmod -R with absolute permissions can be dangerous for this very reason. I would recommend you do the following:
Fix your directory permissions.
sudo find my_directory -type d -exec chmod 2750 ;
Since you broke directory traversal you may need to execute this multiple times. If you receive any permission errors while running the above command re-run it until those errors clear.
Fix your file permissions.
sudo find my_directory -type f -exec chmod 0640 ;
When this is done your directories should have the following permissions.
drwxr-s---
And your files should have the following permissions.
-rwxr-x---
If you want to better understand UNIX permissions I would recommend reading man 2 chmod. It's certainly dry reading but it explains what the meaning of each bit is.
answered Feb 27 '15 at 22:18
SeeJayEmmSeeJayEmm
176117
Thanks for the reply @SeeJayEmm , I want to gain a better understanding of the first two commands you suggested (to fix directory and file permissions). I read through the man chmod 2 & 1 and could not find what theaccomplishes. I'm assuming this doesn't have anything to do specifically withchmod, could you shed some light on this?
– Roger
Feb 28 '15 at 22:04
You'll want to read through the -exec section of man find. For each file/directory that is found the command after -exec is executed and is replaced with the file name. ';' indicates the end of a command but since it's a special char for the shell it needs to be escaped out ';'.
– SeeJayEmm
Mar 2 '15 at 1:48
In the 1st command find is locating each directory (-type d) and executing 'chmod 2750' on it. In the 2nd command it is locating each file (-type f) and executing 'chmod 0640' on it. This is one way can use explicit permissions in chmod without screwing up the execute bit on directories.
– SeeJayEmm
Mar 2 '15 at 1:50
add a comment |
Based on your question I'm going to make an assumption. The web server process is in the same group as the group ownership of the directory.
You removed the execute (x) bit from the directory permissions and only gave it back to the group. This means that the directory owner doesn't have execute permission and that is required to be able to change into/traverse through a directory. Using chmod -R with absolute permissions can be dangerous for this very reason. I would recommend you do the following:
Fix your directory permissions.
sudo find my_directory -type d -exec chmod 2750 ;
Since you broke directory traversal you may need to execute this multiple times. If you receive any permission errors while running the above command re-run it until those errors clear.
Fix your file permissions.
sudo find my_directory -type f -exec chmod 0640 ;
When this is done your directories should have the following permissions.
drwxr-s---
And your files should have the following permissions.
-rwxr-x---
If you want to better understand UNIX permissions I would recommend reading man 2 chmod. It's certainly dry reading but it explains what the meaning of each bit is.
answered Feb 27 '15 at 22:18
SeeJayEmmSeeJayEmm
176117
Thanks for the reply @SeeJayEmm , I want to gain a better understanding of the first two commands you suggested (to fix directory and file permissions). I read through the man chmod 2 & 1 and could not find what theaccomplishes. I'm assuming this doesn't have anything to do specifically withchmod, could you shed some light on this?
– Roger
Feb 28 '15 at 22:04
You'll want to read through the -exec section of man find. For each file/directory that is found the command after -exec is executed and is replaced with the file name. ';' indicates the end of a command but since it's a special char for the shell it needs to be escaped out ';'.
– SeeJayEmm
Mar 2 '15 at 1:48
In the 1st command find is locating each directory (-type d) and executing 'chmod 2750' on it. In the 2nd command it is locating each file (-type f) and executing 'chmod 0640' on it. This is one way can use explicit permissions in chmod without screwing up the execute bit on directories.
– SeeJayEmm
Mar 2 '15 at 1:50
add a comment |
Based on your question I'm going to make an assumption. The web server process is in the same group as the group ownership of the directory.
You removed the execute (x) bit from the directory permissions and only gave it back to the group. This means that the directory owner doesn't have execute permission and that is required to be able to change into/traverse through a directory. Using chmod -R with absolute permissions can be dangerous for this very reason. I would recommend you do the following:
Fix your directory permissions.
sudo find my_directory -type d -exec chmod 2750 ;
Since you broke directory traversal you may need to execute this multiple times. If you receive any permission errors while running the above command re-run it until those errors clear.
Fix your file permissions.
sudo find my_directory -type f -exec chmod 0640 ;
When this is done your directories should have the following permissions.
drwxr-s---
And your files should have the following permissions.
-rwxr-x---
If you want to better understand UNIX permissions I would recommend reading man 2 chmod. It's certainly dry reading but it explains what the meaning of each bit is.
answered Feb 27 '15 at 22:18
SeeJayEmmSeeJayEmm
176117
Based on your question I'm going to make an assumption. The web server process is in the same group as the group ownership of the directory.
You removed the execute (x) bit from the directory permissions and only gave it back to the group. This means that the directory owner doesn't have execute permission and that is required to be able to change into/traverse through a directory. Using chmod -R with absolute permissions can be dangerous for this very reason. I would recommend you do the following:
Fix your directory permissions.
sudo find my_directory -type d -exec chmod 2750 ;
Since you broke directory traversal you may need to execute this multiple times. If you receive any permission errors while running the above command re-run it until those errors clear.
Fix your file permissions.
sudo find my_directory -type f -exec chmod 0640 ;
When this is done your directories should have the following permissions.
drwxr-s---
And your files should have the following permissions.
-rwxr-x---
If you want to better understand UNIX permissions I would recommend reading man 2 chmod. It's certainly dry reading but it explains what the meaning of each bit is.
answered Feb 27 '15 at 22:18
SeeJayEmmSeeJayEmm
176117
answered Feb 27 '15 at 22:18
SeeJayEmmSeeJayEmm
176117
answered Feb 27 '15 at 22:18
SeeJayEmmSeeJayEmm
176117
answered Feb 27 '15 at 22:18
SeeJayEmmSeeJayEmm
176117
176117
Thanks for the reply @SeeJayEmm , I want to gain a better understanding of the first two commands you suggested (to fix directory and file permissions). I read through the man chmod 2 & 1 and could not find what theaccomplishes. I'm assuming this doesn't have anything to do specifically withchmod, could you shed some light on this?
– Roger
Feb 28 '15 at 22:04
You'll want to read through the -exec section of man find. For each file/directory that is found the command after -exec is executed and is replaced with the file name. ';' indicates the end of a command but since it's a special char for the shell it needs to be escaped out ';'.
– SeeJayEmm
Mar 2 '15 at 1:48
In the 1st command find is locating each directory (-type d) and executing 'chmod 2750' on it. In the 2nd command it is locating each file (-type f) and executing 'chmod 0640' on it. This is one way can use explicit permissions in chmod without screwing up the execute bit on directories.
– SeeJayEmm
Mar 2 '15 at 1:50
add a comment |
Thanks for the reply @SeeJayEmm , I want to gain a better understanding of the first two commands you suggested (to fix directory and file permissions). I read through the man chmod 2 & 1 and could not find what theaccomplishes. I'm assuming this doesn't have anything to do specifically withchmod, could you shed some light on this?
– Roger
Feb 28 '15 at 22:04
You'll want to read through the -exec section of man find. For each file/directory that is found the command after -exec is executed and is replaced with the file name. ';' indicates the end of a command but since it's a special char for the shell it needs to be escaped out ';'.
– SeeJayEmm
Mar 2 '15 at 1:48
In the 1st command find is locating each directory (-type d) and executing 'chmod 2750' on it. In the 2nd command it is locating each file (-type f) and executing 'chmod 0640' on it. This is one way can use explicit permissions in chmod without screwing up the execute bit on directories.
– SeeJayEmm
Mar 2 '15 at 1:50
Thanks for the reply @SeeJayEmm , I want to gain a better understanding of the first two commands you suggested (to fix directory and file permissions). I read through the man chmod 2 & 1 and could not find what the
chmod, could you shed some light on this?– Roger
Feb 28 '15 at 22:04
Thanks for the reply @SeeJayEmm , I want to gain a better understanding of the first two commands you suggested (to fix directory and file permissions). I read through the man chmod 2 & 1 and could not find what the
chmod, could you shed some light on this?– Roger
Feb 28 '15 at 22:04
You'll want to read through the -exec section of man find. For each file/directory that is found the command after -exec is executed and is replaced with the file name. ';' indicates the end of a command but since it's a special char for the shell it needs to be escaped out ';'.
– SeeJayEmm
Mar 2 '15 at 1:48
You'll want to read through the -exec section of man find. For each file/directory that is found the command after -exec is executed and is replaced with the file name. ';' indicates the end of a command but since it's a special char for the shell it needs to be escaped out ';'.
– SeeJayEmm
Mar 2 '15 at 1:48
In the 1st command find is locating each directory (-type d) and executing 'chmod 2750' on it. In the 2nd command it is locating each file (-type f) and executing 'chmod 0640' on it. This is one way can use explicit permissions in chmod without screwing up the execute bit on directories.
– SeeJayEmm
Mar 2 '15 at 1:50
In the 1st command find is locating each directory (-type d) and executing 'chmod 2750' on it. In the 2nd command it is locating each file (-type f) and executing 'chmod 0640' on it. This is one way can use explicit permissions in chmod without screwing up the execute bit on directories.
– SeeJayEmm
Mar 2 '15 at 1:50
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f187277%2fdirectory-permissions-for-web-server%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
