I've set up a web server which will host sites for multiple clients. Each client will have their own user, and the files for their website(s) will exist within /var/www.
We deploy code via a service called DeployHQ, which connects via SSH using the client's username; thus when files are pushed to the server they are created with that client's username and group.
The issue I'm having is that the web server user www-data isn't able to update files, for example this .htaccess file:
4 -rw-rw-r-- 1 client_user client_user 945 Oct 30 12:07 .htaccess
I could just change the file group to www-data; however, new files that are deployed won't be created in this way, so this wouldn't be a long-term solution.
Considering I want a user for each client, can anyone recommend a way to allow www-data to do anything that the client user can do?
I've just read a little bit about setting the Set-Group-ID. Is that something I should consider?
Many thanks
This can be achieved by setting the SGID bit on the dirs for each user. For example:
Remember to make sure your umasks for the users put the right group permissions on the files too!
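One way to apply and verify the SGID-plus-umask setup this answer describes, as an added example that is not part of the original post. The function names share_docroot and audit_docroot are hypothetical, and the directory and group passed to them are placeholders; using www-data as the shared group follows the question.

```shell
#!/bin/sh
# Added example: shared docroot via setgid directories, plus a permission audit.
# share_docroot / audit_docroot are hypothetical helper names.

# share_docroot DIR GROUP
# Hand DIR to GROUP and make everything created under it inherit GROUP.
share_docroot() {
    dir=$1 grp=$2
    chgrp -R "$grp" "$dir" || return 1
    # setgid on each directory: new files and subdirectories take the
    # directory's group instead of the creating user's primary group.
    find "$dir" -type d -exec chmod g+rwxs {} + || return 1
    # Existing files: make them group readable and writable.
    find "$dir" -type f -exec chmod g+rw {} +
}

# audit_docroot DIR GROUP
# Print every file or directory that GROUP could not update:
#   - wrong group (setgid was missing when it was created)
#   - directory without setgid or without group rwx
#   - file without group rw (deploying user's umask was too strict, e.g. 022)
audit_docroot() {
    dir=$1 grp=$2
    find "$dir" \( -type d -o -type f \) \( \
        ! -group "$grp" \
        -o \( -type d ! -perm -2070 \) \
        -o \( -type f ! -perm -0060 \) \
    \) -print
}

# Usage (placeholder path, run with sufficient privileges):
#   share_docroot /var/www/client_site www-data
#   audit_docroot /var/www/client_site www-data   # no output means OK
```

Running audit_docroot after a deployment shows whether the deploying user's umask is leaving group write off new files, which the setgid bit alone does not fix.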