Set directory permissions
In the previous article, we discussed how to upload website files to an Apache2 server. Now, we’ll focus on setting appropriate file permissions and ownership to ensure our website remains both secure and fully functional.
Fundamentals of File Permissions
In Unix/Linux systems, every file and directory has a set of permission settings that determine who can read, write, or execute it. These basic permissions are divided into three categories:
- User (Owner): The user who owns the file.
- Group: Users belonging to the same group as the file owner.
- Other: All remaining users.
You can view file permissions using the ls -l command. For example, here’s a sample output:
-rw-r--r-- 1 www-data www-data 4096 Oct 1 10:00 index.html
This output means:
- -rw-r--r--: The permission string.
- 1: Number of hard links.
- www-data: The file’s owner.
- www-data: The file’s group.
Setting File Ownership
File ownership and group membership are especially important for web servers like Apache. Typically, the Apache service runs under a specific user—commonly www-data on Debian/Ubuntu systems or apache on CentOS/RHEL systems. Therefore, uploaded files must be assigned to this user.
Command to Change Ownership
To change file ownership, use the chown command. For instance, to assign ownership of all files under /var/www/html to www-data, run:
sudo chown -R www-data:www-data /var/www/html
- The -R flag applies the change recursively to the directory and all its contents.
Example Scenario
Suppose you have a website directory at /var/www/html/mywebsite, containing multiple files and subdirectories. You need to ensure Apache can access these files while preventing unauthorized modifications by other users.
- Change ownership:
sudo chown -R www-data:www-data /var/www/html/mywebsite
- Verify the change:
Run ls -l again to confirm the owner and group are now set to www-data.
Setting File Permissions
File permissions are configured using the chmod command. Our goal is to ensure:
- The owner (user) can read and write (rw-).
- The group and other users can only read (r--).
Setting Specific Permissions
For website files, you might apply:
sudo chmod -R 750 /var/www/html/mywebsite
Here, 750 breaks down as:
- Owner: read, write, and execute (rwx = 7).
- Group: read and execute (r-x = 5).
- Others: no permissions (--- = 0).
Differentiating Directory and File Permissions
Directories and files often require distinct permissions. Directories need execute permission (x) to allow traversal (“entering” the directory), whereas regular files typically only require read permission (r).
You can set permissions separately for directories and files:
# Set directory permissions
find /var/www/html/mywebsite -type d -exec chmod 750 {} \;
# Set file permissions
find /var/www/html/mywebsite -type f -exec chmod 640 {} \;
The first command locates all directories and assigns 750; the second finds all regular files and assigns 640.
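An added example, not part of the original article: a POSIX shell audit that lists every directory not at 750, every regular file not at 640, and anything not owned by the expected user and group, so the result of the commands above can be checked now and re-checked after later uploads. The function names audit_webroot, count_findings and fix_modes are illustrative; the expected owner and group default to www-data and can be overridden with the second and third arguments.

```shell
#!/bin/sh
# Added example: audit a web root against the ownership and modes used in this article.
# audit_webroot, count_findings and fix_modes are illustrative helper names.

# Print one line per deviation found under the given directory.
audit_webroot() {
    aw_root=$1
    aw_user=${2:-www-data}     # expected owner (name or numeric ID); assumed default
    aw_group=${3:-www-data}    # expected group (name or numeric ID); assumed default

    # Directories whose mode is not exactly 750
    find "$aw_root" -type d ! -perm 750 -print | sed 's/^/DIR_MODE  /'
    # Regular files whose mode is not exactly 640
    find "$aw_root" -type f ! -perm 640 -print | sed 's/^/FILE_MODE /'
    # Anything owned by a different user or group
    find "$aw_root" \( ! -user "$aw_user" -o ! -group "$aw_group" \) -print \
        | sed 's/^/OWNER     /'
}

# Number of deviations; 0 means the tree matches the target state.
count_findings() {
    audit_webroot "$@" | wc -l | tr -d ' '
}

# Apply the article's two find commands (modes only; chown needs sudo).
fix_modes() {
    find "$1" -type d -exec chmod 750 {} \;
    find "$1" -type f -exec chmod 640 {} \;
}

# Run the audit when called with a path, e.g.:
#   sh audit_webroot.sh /var/www/html/mywebsite
if [ "$#" -gt 0 ]; then
    audit_webroot "$@"
fi
```

An empty result means every directory is 750, every file is 640, and ownership matches; any FILE_MODE or DIR_MODE line points at an entry that the two find commands above would reset.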
Testing the Configuration
After configuring ownership and permissions, restart the Apache service to ensure all changes take effect:
sudo systemctl restart apache2
Then, open your browser and navigate to http://your_domain_or_ip/mywebsite to verify the site loads correctly.
Summary
In this article, we covered how to properly configure file ownership and permissions for uploaded website files. This step is critical for enabling Apache to serve content reliably while safeguarding it from unauthorized access or modification. In the next article, we’ll explore optimizing your website’s directory structure to further improve performance and maintainability.