Ubuntu 11.10 server
I have a user bob whose home directory is /home/sites/bob. In that there are directories public_html and logs.
Apache runs under the www-data user. bob's primary group is www-data. Apache updates the access.log and error.log in the logs directory. The two log files are owned by root:root and have permission 644.
The bob user logs in to an FTP server which works. The problem is bob can delete or overwrite the two log files. I need Apache to be able to write to the logs, and for bob to only have read access - no overwriting or deleting the logs. How can this be done?
What I've tried:
cd /home/sites/bob
chown www-data:www-data logs
chmod 644 logs
I expected this to work because it should give Apache write access and the www-data group (i.e. the bob user) just read access. What actually happens is in the FTP session bob can see logs in the directory list but he can't open it up, when he tries to change to logs, the error is:
Command: CWD logs
Response: 550 logs: No such file or directory
Error: Failed to retrieve directory listing
So my question is how can I give write access to Apache (www-data) to logs but only read access (and no delete) to bob?
You need to give execute permission on the logs directory, otherwise the user cannot enter the directory.
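Why mode 644 on a directory produces the symptom in the question, as an added example that is not part of the original answer: on a directory, read only lists names, execute allows entering it, and creating or deleting entries needs write and execute together, whatever the mode of the files inside. The function name `dir_access` is hypothetical, and 750 is an illustrative mode chosen here, not one given on the page.

```shell
#!/bin/sh
# dir_access MODE CLASS  (hypothetical helper, added for illustration)
#   MODE  - three-digit octal mode of a directory, e.g. 644
#   CLASS - which permission triplet applies to the user: owner, group or other
# Prints what that user may do with the directory under POSIX rules.
dir_access() {
    mode=$1
    class=$2
    case $mode in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    # Pick the octal digit for the requested class.
    case $class in
        owner) digit=${mode%??} ;;
        group) digit=${mode#?}; digit=${digit%?} ;;
        other) digit=${mode#??} ;;
        *) echo "invalid class: $class" >&2; return 2 ;;
    esac
    r=$(( (digit >> 2) & 1 ))
    w=$(( (digit >> 1) & 1 ))
    x=$(( digit & 1 ))
    # r: read the list of names (the FTP directory listing shows "logs").
    # x: enter the directory and reach files inside it (CWD logs).
    # w and x together: create, rename or delete entries, regardless of
    # the owner or mode of the files themselves.
    echo "list=$(yn "$r") enter=$(yn "$x") delete=$(yn $(( w & x )))"
}

yn() {
    if [ "$1" -eq 1 ]; then echo yes; else echo no; fi
}

# Constructed scenario from the question: logs is owned by www-data:www-data,
# so Apache is in the owner class and bob (primary group www-data) is in the
# group class.
for m in 644 750 770; do
    echo "mode $m  www-data(owner): $(dir_access "$m" owner)"
    echo "mode $m  bob(group):      $(dir_access "$m" group)"
done
```

With 644 neither www-data nor bob can enter the directory; with 750 the owner keeps full access while the group can list and enter but cannot delete entries.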