[CentOS] set default permission to deployuser:deployuser for nfs common mount point /mnt/test

Wed Nov 9 13:13:50 UTC 2022
Simon Matter <simon.matter at invoca.ch>

> On Wed, Nov 9, 2022 at 3:26 PM Simon Matter <simon.matter at invoca.ch>
> wrote:
>
>> > On Mon, Nov 7, 2022 at 8:50 AM Kaushal Shriyan <kaushalshriyan at gmail.com> wrote:
>> >
>> >> Thanks Emmett for the suggestion. I will keep you posted once it is
>> >> done.
>> >> Thanks in advance.
>> >>
>> >>
>> > Hi Emmett,
>> >
>> > I have a follow up question regarding permissions. I am running a php
>> > application hosted on the nginx version: nginx/1.22.0
>> > using php74-fpm-7.4.32-1.el7.ius.x86_64 running on CentOS Linux release
>> > 7.9.2009 (Core). I have this folder
>> > /var/www/html/gsmaidp/web/sites/default/files which is owned by
>> > deployuser.
>> >
>> > *drwrwsrwx 25 deployuser deployuser  4096 Nov  9 08:23 files*
>> >
>> > #id deployuser
>> > uid=1001(deployuser) gid=1002(deployuser)
>> > groups=1002(deployuser),995(nginx),994(php-fpm)
>> >
>> > ps aux | grep php
>> > root     27692  0.0  0.0 473296 14648 ?        Ss   09:23   0:00 php-fpm: master process (/etc/php-fpm.conf)
>> > nginx    27693  0.0  0.1 475476 17980 ?        S    09:23   0:00 php-fpm: pool www
>> > nginx    27694  0.0  0.1 475476 16440 ?        S    09:23   0:00 php-fpm: pool www
>> > nginx    27695  0.0  0.1 475476 16412 ?        S    09:23   0:00 php-fpm: pool www
>> > nginx    27696  0.0  0.1 475476 16420 ?        S    09:23   0:00 php-fpm: pool www
>> > nginx    27697  0.0  0.1 475492 16428 ?        S    09:23   0:00 php-fpm: pool www
>> >
>> > ps aux | grep nginx
>> > root      3392  0.0  0.0  51264  1368 ?        Ss   Oct21   0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
>> > nginx     3393  0.0  0.0  52356  4380 ?        S    Oct21   0:51 nginx: worker process
>> > nginx     3394  0.0  0.0  52396  4648 ?        S    Oct21   1:45 nginx: worker process
>> > nginx     3395  0.0  0.0  52488  4648 ?        S    Oct21   5:38 nginx: worker process
>> > nginx     3396  0.0  0.0  52500  4652 ?        S    Oct21   8:32 nginx: worker process
>> > nginx    27693  0.0  0.1 475476 17980 ?        S    09:23   0:00 php-fpm: pool www
>> > nginx    27694  0.0  0.1 475476 16440 ?        S    09:23   0:00 php-fpm: pool www
>> > nginx    27695  0.0  0.1 475476 16412 ?        S    09:23   0:00 php-fpm: pool www
>> > nginx    27696  0.0  0.1 475476 16420 ?        S    09:23   0:00 php-fpm: pool www
>> > nginx    27697  0.0  0.1 475492 16428 ?        S    09:23   0:00 php-fpm: pool www
>> >
>> > Whenever any new files like images or pdf files or new subfolders are
>> > created inside /var/www/html/gsmaidp/web/sites/default/files folder by the
>> > php application, the files or subfolders have user and group ownership of
>> > nginx user.
>> >
>> > Is there a way to have ownership of all new files and subfolders to
>> > deployuser created under /var/www/html/gsmaidp/web/sites/default/files? I
>> > set SETGID (SET Group ID) flag of chmod as per below but the file is still
>> > owned by nginx user.
>> >
>> > #cd  /var/www/html/gsmaidp/web/sites/default/
>> > #chmod g+s files
>>
>> also do chmod 2775 files
>> then, create a file in files/ as user nginx, it should then be owned by
>> nginx:deployuser
>>
>> I think you can not set owner this way, only the group.
>>
>> >
>> > I also tried the ACL method but the new files and subfolders are still
>> > owned by nginx user.
>> >
>> > #setfacl -Rdm u:deployuser:rwx,g:deployuser:rwx,o::rwx files
>> > #setfacl -Rm u:deployuser:rwx,g:deployuser:rwx,o::rwx files
>>
>> I guess fiddling with ACLs just makes it more complicated :)
>>
>> Regards,
>> Simon
>>
>>
> Thanks Simon for the email response. Is there a way to have consistent
> deployuser (user and group ownership) on new files and subfolders created
> inside files directory?
>
> cd /var/www/html/gsmaidp/web/sites/default/files/
>
> #ls -l  image15.png
> -rw-rw-r--+ 1 nginx deployuser  387071 Nov  9 08:27 image15.png

That's the expected behaviour.

>
> to
>
> #ls -l  image15.png
> -rw-rw-r--+ 1 deployuser deployuser  387071 Nov  9 08:27 image15.png

I'm not aware of any way to do that. I thought a newly created file always
has the ownership of the creating user. Maybe it's possible somehow but I
don't know it.

>
> Apologies for bugging. Please suggest further. Thanks in advance
>
> Best Regards,
>
> Kaushal
>
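
The behaviour discussed in this message (the setgid bit on a directory passes the directory's group on to new entries, while the owner stays the creating user), as an added example that is not part of the original e-mail. The scratch directory and the `owner_group`, `has_setgid`, `pick_group` and `make_shared_dir` helpers are constructed for illustration; only the mode 2775 and the file name come from the thread.

```shell
#!/bin/sh
# Added illustration, not from the thread. Runs as any user in a scratch
# directory; helper names are constructed.

# owner_group PATH: print the numeric "uid:gid" of PATH.
owner_group() { ls -ldn "$1" | awk '{print $3 ":" $4}'; }

# has_setgid PATH: succeed if the group-execute slot of the mode is s or S.
has_setgid() {
    case "$(ls -ld "$1" | cut -c7)" in s|S) return 0 ;; *) return 1 ;; esac
}

# pick_group: print a supplementary gid of the caller that differs from the
# primary gid when one exists, otherwise the primary gid.
pick_group() {
    primary=$(id -g)
    for g in $(id -G); do
        if [ "$g" != "$primary" ]; then echo "$g"; return 0; fi
    done
    echo "$primary"
}

# make_shared_dir: create a setgid scratch directory (mode 2775, as in the
# thread), have the current user create a file and a subdirectory inside it,
# and print the directory path.
make_shared_dir() {
    dir=$(mktemp -d) || return 1
    # Keep going with the default group if this chgrp is not permitted.
    chgrp "$(pick_group)" "$dir" 2>/dev/null || true
    chmod 2775 "$dir"
    ( umask 002; : > "$dir/image15.png"; mkdir "$dir/sub" )
    echo "$dir"
}

d=$(make_shared_dir)
echo "current uid : $(id -u)"
echo "directory   : $(owner_group "$d")"
echo "new file    : $(owner_group "$d/image15.png")"   # uid = creator, gid = directory's
echo "new subdir  : $(owner_group "$d/sub")"
has_setgid "$d/sub" && echo "subdirectory inherited the setgid bit"
rm -rf "$d"
```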