92

I’m running a webserver and FTP server, wherein /var/www is bound to /home/user/www.

I set both directories to chmod 777 (which is fine since it’s for testing only).

I can upload files into /home/user/www, but whenever I create a new directory, I always have to run chmod 777 on that folder.

Otherwise, when I try to browse it, I get the error message

You don't have permission to access /test/ on this server.

Is there a way I could make all sub-folders inside /var/www be accessible by anyone? Or could their permissions be automatically set to 777? It’s annoying that I have to type chmod 777 every time.

jokerdino
  • 41,732
user1645034
  • 1,089

6 Answers6

148

This is bad practice, but hopefully you are just using this for development, or you have another good reason. You can specify the permissions when you create a directory using the -m option:

mkdir -m 777 dirname

Or you can set the permissions recursively.

sudo chmod -R 777 /var/www

Before using either of these, really consider if you want your filesystem to be so accessible.

Edit: As mentioned by Rinzwind here is a better way of accomplishing what you want.

Check what group owns your /var/www directory and add your user to that group.

sudo adduser yourusername group

The group is probably www-data.

Then you will be OK with setting your permissions to 775.

jokerdino
  • 41,732
Dan
  • 6,784
12

Files and directories in Unix may have three types of permissions: read (r), write (w), and execute (x). Each permission may be on or off for each of three categories of users: the file or directory owner; other people in the same group as the owner; and all others. To change the mode of a file, use the chmod command. The general form is chmod X@Y file1 file2 ...

chmod a-w file (removes all writing permissions)
chmod o+x file (sets execute permissions for other (public permissions))
chmod u=rx file        (Give the owner rx permissions, not w)
chmod go-rwx file      (Deny rwx permission for group, others)
chmod g+w file         (Give write permission to the group)
chmod a+x file1 file2  (Give execute permission to everybody)
chmod g+rx,o+x file    (OK to combine like this with a comma)

u = user that owns the file
g = group that owns the file
o = other (everyone else)
a = all (everybody)

r = read aces to the file
w = write access
x = execute (run) access
anonymous2
  • 4,325
Lokesh Kumar Bandi
  • 129
9
cd /var/www
find -type d ! -perm 777 -exec chmod 777 {} \;

for the ftp creating all files with different permissions, you might want to look for the umask of ftpd, how that daemon is started

Take a look to this site https://linuxaria.com/article/linux-shell-understanding-umask-with-examples

Jose Pla
  • 91
  • 1
  • 3
8

Public service announcement:

Don't ever use chmod 777 to fix problems

  • It's a security risk if you run any services available to the public, especially web applications (eg PHP).

    The OS's security model assumes that many services (such as your web server) run with reduced privileges, preventing them being able to modify files. Setting 777 on files breaks that secure design.

    A remote user could write to or upload files and then trick the server (or some other process on your system) into reading or executing them. Scripts or software may have flaws that allow this. It's very difficult to be sure you have locked down every single way this could happen if there are world-writable directories.

  • Used in certain system directories (/usr, /etc, /var, and so on), it can break your system in surprising ways.

    Some essential system files need special permissions such as setuid/setgid permissions in order to run. For example, sudo. Avoid changing any file permissions on directories and files set up by the system itself.

  • There's no way to undo it and get back all the old permissions.

    That is, if you had files and folders with various different permissions before, there's no way to go back to those specific permissions - only to change them all to the same thing, which may lose any specific permission settings that were needed on specific files.

  • There is always a more appropriate way of achieving what it is you want to achieve.

The default setup Ubuntu (and other OSes) use of running the web server as an unprivileged user and having the website files world-readable is a reasonable secure choice and in the interests of consistency, shouldn't be varied unless necessary. So, to ensure that the unprivileged server process can read your website files they will need to be world-readable.

Giving world-writable permission is way more than you need to do.

When tracking down why the web server process can't read your files, remember that not only do the files themselves need to be world-readable (eg, 644) their parent directories should be world-readable and traversable (eg, 755). Set your home directory to something like 755, or if you don't want your home directory world-readable, move your www dir outside your home into somewhere like /var/www or /srv).

Note about making files writable:

Occasionally, you need your web server to be able to write to certain files. To achieve this, make sure you only allow write permission on the specific files you want to give that permission for, and it's still better to use group ownership and group-write bit to give that permission that make them world-writable.

thomasrutter
  • 37,804
2

If you would like to copy permissions and or ownership from another file that you're satisfied with, you can do so using sudo chmod --reference=path/to/file/to/reference path/to/file/you/want/to/change/permission/to

And you can do the same thing for file ownership as well.

Amir Khalil
  • 181
1

This does not work to me.

sudo chmod -f 777 /path/to/your/file/or/directory

I have to use -f also.

sudo chmod -R -f 777 /path/to/your/file/or/directory
Janaka Pushpakumara
  • 201