[CentOS] perplexing permissions issue

Filipe Brandenburger filbranden at gmail.com
Fri Sep 4 15:33:17 UTC 2009


Hi,

On Fri, Sep 4, 2009 at 11:03, Dave <dave.mehler at gmail.com> wrote:
>        I'm running CentOS 5.3 and it runs an apache web server. The
> permissions on the web data directory in this case /var/www/secure/data are
> set to 4775 owner of apache group of webdev.

I believe what you want is 2775, the first "2" is the set-gid group,
it will make files created in that directory inherit that group.

> I was under the impression
> that any file then placed in that directory would have an owner of apache and
> a group of webdev

No, that's not how that works... You cannot force the user ownership
of a file to change, only the group ownership. The set-uid bit on a
directory doesn't do anything (AFAIK), only the set-gid bit has the
effect of making files created in that directory inherit that group.

> permissions of 664.

That is actually controlled by the "umask", which is set by each
user/program. In RHEL/CentOS, if your primary group matches your
username, your umask will be set to 002, which is the one that will
create files with 664 permissions, which is the one you want.

> content permissions are set to 664 but owner and group membership are that
> of the user who added the files not apache and webdev. The issue is further
> compounded when a user logs in via ftp and adds files or folders. They are
> owned by the ftp user and group.

Fix the directory permissions from 4775 to 2775 and the group of files
will be set to "webdev" as you want them to.

Make sure the umask will be 002 (you might have to configure that on
your FTP server too) and files will be writable by any member of group
"webdev", so although the files won't all have the same owner, they
will all be writable by any other members of that same group.

HTH,
Filipe
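
An added example (not part of the original message): a POSIX shell audit for the setup discussed above, reporting whether a shared directory carries the set-gid bit rather than set-uid, and whether a file created under a given umask ends up in the directory's group and group-writable. The function names and the probe file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function and probe-file names are illustrative.

# audit_shared_dir DIR: print one finding per line; return 0 only if the
# directory is set-gid and group-writable (e.g. mode 2775).
audit_shared_dir() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "not-a-directory"; return 2; }
    if [ -g "$dir" ]; then
        echo "setgid-ok"            # new files inherit the directory's group
    else
        echo "setgid-missing"       # new files get the creator's own group
        rc=1
    fi
    if [ -u "$dir" ]; then
        echo "setuid-no-effect"     # e.g. 4775: on Linux this does not change file owners
    fi
    if [ -n "$(find "$dir" -prune -perm -020 -print)" ]; then
        echo "group-writable"
    else
        echo "group-not-writable"
        rc=1
    fi
    return "$rc"
}

# probe_new_file DIR UMASK: create a probe file under UMASK (in a subshell, so
# the caller's umask is untouched), report its group and group-write bit, remove it.
probe_new_file() (
    dir=$1
    umask "$2"
    f="$dir/.perm-probe.$$"
    : > "$f" || exit 2
    dgid=$(ls -ldn "$dir" | awk '{print $4}')
    fgid=$(ls -ln "$f" | awk '{print $4}')
    if [ "$dgid" = "$fgid" ]; then g=group-match; else g=group-differs; fi
    if [ -n "$(find "$f" -perm -020 -print)" ]; then w=group-writable; else w=group-readonly; fi
    rm -f "$f"
    echo "$g $w"
)
```

Run `audit_shared_dir /var/www/secure/data` and then `probe_new_file /var/www/secure/data 002` as each account that uploads content. With current GNU coreutils, a numeric `chmod 2775` leaves an existing set-uid bit on a directory in place, so `chmod u-s,g+s` is the reliable way to go from 4775 to 2775.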
