Re: set default permission to deployuser:deployuser for nfs common mount point /mnt/test

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 11/9/22 2:08 AM, Kaushal Shriyan wrote:
On Wed, Nov 9, 2022 at 3:26 PM Simon Matter <simon.matter@xxxxxxxxx> wrote:

On Mon, Nov 7, 2022 at 8:50 AM Kaushal Shriyan <kaushalshriyan@xxxxxxxxx

wrote:

Thanks Emmett for the suggestion. I will keep you posted once it is
done.
Thanks in advance.


Hi Emmett,

I have a follow up question regarding permissions. I am running a php
application hosted on the nginx version: nginx/1.22.0
using php74-fpm-7.4.32-1.el7.ius.x86_64  running on CentOS Linux release
7.9.2009 (Core)I have this folder
/var/www/html/gsmaidp/web/sites/default/files folder which is owned by
deployuser.

*drwrwsrwx 25 deployuser deployuser  4096 Nov  9 08:23 files*

#id deployuser
uid=1001(deployuser) gid=1002(deployuser)
groups=1002(deployuser),995(nginx),994(php-fpm)

ps aux | grep php
root     27692  0.0  0.0 473296 14648 ?        Ss   09:23   0:00 php-fpm:
master process (/etc/php-fpm.conf)
nginx    27693  0.0  0.1 475476 17980 ?        S    09:23   0:00 php-fpm:
pool www
nginx    27694  0.0  0.1 475476 16440 ?        S    09:23   0:00 php-fpm:
pool www
nginx    27695  0.0  0.1 475476 16412 ?        S    09:23   0:00 php-fpm:
pool www
nginx    27696  0.0  0.1 475476 16420 ?        S    09:23   0:00 php-fpm:
pool www
nginx    27697  0.0  0.1 475492 16428 ?        S    09:23   0:00 php-fpm:
pool www

ps aux | grep nginx
root      3392  0.0  0.0  51264  1368 ?        Ss   Oct21   0:00 nginx:
master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx     3393  0.0  0.0  52356  4380 ?        S    Oct21   0:51 nginx:
worker process
nginx     3394  0.0  0.0  52396  4648 ?        S    Oct21   1:45 nginx:
worker process
nginx     3395  0.0  0.0  52488  4648 ?        S    Oct21   5:38 nginx:
worker process
nginx     3396  0.0  0.0  52500  4652 ?        S    Oct21   8:32 nginx:
worker process
nginx    27693  0.0  0.1 475476 17980 ?        S    09:23   0:00 php-fpm:
pool www
nginx    27694  0.0  0.1 475476 16440 ?        S    09:23   0:00 php-fpm:
pool www
nginx    27695  0.0  0.1 475476 16412 ?        S    09:23   0:00 php-fpm:
pool www
nginx    27696  0.0  0.1 475476 16420 ?        S    09:23   0:00 php-fpm:
pool www
nginx    27697  0.0  0.1 475492 16428 ?        S    09:23   0:00 php-fpm:
pool www

Whenever any new files like images or pdf files or new subfolders created
inside /var/www/html/gsmaidp/web/sites/default/files folder by the php
application the files or subfolders have user and group ownership of
nginx
user.

Is there a way to have ownership of all new files and subfolders to
deployuser created under /var/www/html/gsmaidp/web/sites/default/files. I
set SETGID (SET Group ID) flag of chmod as per below but the file is
still
owned by nginx user.

#cd  /var/www/html/gsmaidp/web/sites/default/
#chmod g+s files

also do chmod 2775 files
then, create a file in files/ as user nginx, it should then be owned by
nginx:deployuser

I think you can not set owner this way, only the group.


I also tried the ACL method but the new files and  subfolders are still
owned by nginx user.

#setfacl -Rdm u:deployuser:rwx,g:deployuser:rwx,o::rwx files
#setfacl -Rm u:deployuser:rwx,g:deployuser:rwx,o::rwx files

I guess fiddling with ACLs just makes it more complicated :)

Regards,
Simon


Thanks Simon for the email response. Is there a way to have consistent
deployuser (user and group ownership) on new files and subfolders created
inside files directory?

cd /var/www/html/gsmaidp/web/sites/default/files/

#ls -l  image15.png
-rw-rw-r--+ 1 nginx deployuser  387071 Nov  9 08:27 image15.png

to

#ls -l  image15.png
-rw-rw-r--+ 1 deployuser deployuser  387071 Nov  9 08:27 image15.png

Apologies for bugging. Please suggest further. Thanks in advance

Best Regards,

Kaushal

It is not clear to me what you are asking, however I can tell you that when the GID bit is set on a directory, every new directory created in that directory will be set to the GID of that directory.  So if nginx is the group assigned to a directory, then every new directory under that directory will be assigned to the nginx group.

Setting the umask to 002 will cause group write permissions for any file or directory created, instead of only user write as the default umask of 022 would cause.

Emmett
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux