Last active
February 12, 2018 11:26
-
-
Save immilev/0d5d100d21ed9e0aefa5bc1591e3708e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Use Case: | |
| A number of users (ex. www-data, ivailom, etc) need to access a directory (ex. /var/www/media) securely. | |
| Steps: | |
| 1. Create a new group that would govern the group access to the directory. | |
| sudo groupadd varwwwmedia | |
| NOTE: Using the default group of the user that created the directory may have unintended consequences elsewhere | |
| 2. Add the user that needs access to the group. | |
| sudo adduser www-data varwwwmedia | |
| 3. Recursively, set the the newly created group for the directory | |
| sudo chgrp -R varwwwmedia /var/www/media | |
| 4. Recursively, set the group permissions for the directory and its subdirectories to (rwxrws---) | |
| sudo find /var/www/media -type d -exec chmod -v 2770 {} \; | |
| NOTE: instead of 770 (rwxrwx---) we are using the sticky bit set on group ownership, so that each file created in it | |
| inherits its group ownership from the directory group ownership (and not from the user's group ownership) | |
| 5. Recursively, set the group permissions for the files in the directory and its subdirectories to (rwxrw----) | |
| sudo find /var/www/media -type f -exec chmod -v 760 {} \; | |
| Sources: | |
| https://www.adamerispaha.com/2016/12/14/file-permissions-for-django-media-uploads/ | |
| https://stackoverflow.com/questions/21797372/django-errno-13-permission-denied-var-www-media-animals-user-uploads | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment