On 11/9/22 2:08 AM, Kaushal Shriyan wrote: > On Wed, Nov 9, 2022 at 3:26 PM Simon Matter <simon.matter at invoca.ch> wrote: > >>> On Mon, Nov 7, 2022 at 8:50 AM Kaushal Shriyan <kaushalshriyan at gmail.com >>> >>> wrote: >>> >>>> Thanks Emmett for the suggestion. I will keep you posted once it is >>>> done. >>>> Thanks in advance. >>>> >>>> >>> Hi Emmett, >>> >>> I have a follow up question regarding permissions. I am running a php >>> application hosted on the nginx version: nginx/1.22.0 >>> using php74-fpm-7.4.32-1.el7.ius.x86_64 running on CentOS Linux release >>> 7.9.2009 (Core)I have this folder >>> /var/www/html/gsmaidp/web/sites/default/files folder which is owned by >>> deployuser. >>> >>> *drwrwsrwx 25 deployuser deployuser 4096 Nov 9 08:23 files* >>> >>> #id deployuser >>> uid=1001(deployuser) gid=1002(deployuser) >>> groups=1002(deployuser),995(nginx),994(php-fpm) >>> >>> ps aux | grep php >>> root 27692 0.0 0.0 473296 14648 ? Ss 09:23 0:00 php-fpm: >>> master process (/etc/php-fpm.conf) >>> nginx 27693 0.0 0.1 475476 17980 ? S 09:23 0:00 php-fpm: >>> pool www >>> nginx 27694 0.0 0.1 475476 16440 ? S 09:23 0:00 php-fpm: >>> pool www >>> nginx 27695 0.0 0.1 475476 16412 ? S 09:23 0:00 php-fpm: >>> pool www >>> nginx 27696 0.0 0.1 475476 16420 ? S 09:23 0:00 php-fpm: >>> pool www >>> nginx 27697 0.0 0.1 475492 16428 ? S 09:23 0:00 php-fpm: >>> pool www >>> >>> ps aux | grep nginx >>> root 3392 0.0 0.0 51264 1368 ? Ss Oct21 0:00 nginx: >>> master process /usr/sbin/nginx -c /etc/nginx/nginx.conf >>> nginx 3393 0.0 0.0 52356 4380 ? S Oct21 0:51 nginx: >>> worker process >>> nginx 3394 0.0 0.0 52396 4648 ? S Oct21 1:45 nginx: >>> worker process >>> nginx 3395 0.0 0.0 52488 4648 ? S Oct21 5:38 nginx: >>> worker process >>> nginx 3396 0.0 0.0 52500 4652 ? S Oct21 8:32 nginx: >>> worker process >>> nginx 27693 0.0 0.1 475476 17980 ? S 09:23 0:00 php-fpm: >>> pool www >>> nginx 27694 0.0 0.1 475476 16440 ? S 09:23 0:00 php-fpm: >>> pool www >>> nginx 27695 0.0 0.1 475476 16412 ? S 09:23 0:00 php-fpm: >>> pool www >>> nginx 27696 0.0 0.1 475476 16420 ? S 09:23 0:00 php-fpm: >>> pool www >>> nginx 27697 0.0 0.1 475492 16428 ? S 09:23 0:00 php-fpm: >>> pool www >>> >>> Whenever any new files like images or pdf files or new subfolders created >>> inside /var/www/html/gsmaidp/web/sites/default/files folder by the php >>> application the files or subfolders have user and group ownership of >> nginx >>> user. >>> >>> Is there a way to have ownership of all new files and subfolders to >>> deployuser created under /var/www/html/gsmaidp/web/sites/default/files. I >>> set SETGID (SET Group ID) flag of chmod as per below but the file is >> still >>> owned by nginx user. >>> >>> #cd /var/www/html/gsmaidp/web/sites/default/ >>> #chmod g+s files >> >> also do chmod 2775 files >> then, create a file in files/ as user nginx, it should then be owned by >> nginx:deployuser >> >> I think you can not set owner this way, only the group. >> >>> >>> I also tried the ACL method but the new files and subfolders are still >>> owned by nginx user. >>> >>> #setfacl -Rdm u:deployuser:rwx,g:deployuser:rwx,o::rwx files >>> #setfacl -Rm u:deployuser:rwx,g:deployuser:rwx,o::rwx files >> >> I guess fiddling with ACLs just makes it more complicated :) >> >> Regards, >> Simon >> >> > Thanks Simon for the email response. Is there a way to have consistent > deployuser (user and group ownership) on new files and subfolders created > inside files directory? > > cd /var/www/html/gsmaidp/web/sites/default/files/ > > #ls -l image15.png > -rw-rw-r--+ 1 nginx deployuser 387071 Nov 9 08:27 image15.png > > to > > #ls -l image15.png > -rw-rw-r--+ 1 deployuser deployuser 387071 Nov 9 08:27 image15.png > > Apologies for bugging. Please suggest further. Thanks in advance > > Best Regards, > > Kaushal It is not clear to me what you are asking, however I can tell you that when the GID bit is set on a directory, every new directory created in that directory will be set to the GID of that directory. So if nginx is the group assigned to a directory, then every new directory under that directory will be assigned to the nginx group. Setting the umask to 002 will cause group write permissions for any file or directory created, instead of only user write as the default umask of 022 would cause. Emmett