Solution for the interoperability permissions between ftp and apache user files of VM users

Source: Internet
Author: User
Recently, I used linux virtual hosts to learn about more advanced permission management in linux. if you want to delete the entire directory after installing the PHP program, you will find that apache users generate some files and ftp users cannot delete them. & nbsp; in fact, this is a solution. & Nbsp;

Recently, I used linux virtual hosts to learn about more advanced permission management in linux. if you want to delete the entire directory after installing the PHP program, you will find that apache users generate some files and ftp users cannot delete them.

In fact, there is a solution.

Method 1. user group control method
First, add the virtual user (ftp user) in all VM hosts to the apache Group. Then, set umask to 002, so that both the user and the group have the read and write permissions. This is a relatively easy method, but it is not safe. Different users can delete files of the other party, because the group has the read and write permissions.

Method 2: use the linux Advanced permission management acl.

Set the dual permission for a directory. in addition to the user's user group, add the apache permission to read and write the user.
In this way, the user can delete files generated by apache, but other virtual users cannot delete files in other groups.

Next let's take a look at the second control method.

In linux, users in the same group and other users are not allowed to assign one file (directory) permission to the three types of users. you can also specify other users or groups, however, there is a premise that the acl option is added when the partition is mounted, for example:
Mount/dev/hda1/home-o acl.

Then you can use
Setfacl-m u: ftp: rwx/home/ftp/www
Command to assign all permissions to the/home/ftp/www directory for ftp users

If you want to create directories and files under/home/ftp/www/, you have the same permissions.
Setfacl-d-m u: ftp: rwx/home/ftp/www

Set the default permissions. this command can also control different permissions of multiple users, such
Setfacl-m u: ftp: rwx/home/www;
Setfacl-m u: tmp: r-x/home/www;
Ftp users have all permissions, and tmp users have read-only permissions.

You can also set the mask value:
Setfacl-m: rwx/home/www;

In this way, you can allow the user of the VM and the user of apache to have the permission to operate files and directories. for example, the user name of the apache user is apache and the user name of the VM is vmuser, the directory is/home/vmuser/www. you can use the following command:
Setfacl-m u: vmuser: rwx/home/vmuser/www;
Setfacl-m u: apache: rwx/home/vmuser/www;
Setfacl-d-m u: vmuser: rwx/home/vmuser/www;
Setfacl-d-m u: apache: rwx/home/vmuser/www;
Setfacl-m: rwx/home/vmuser/www;
Setfacl-d-m: rwx/home/vmuser/www;

In this way, when installing the PHP program, you will not be prompted that apache users do not have the permission to write files, and when you want to delete a directory, it cannot be deleted because of the following apache user-generated files. Of course, this method is somewhat limited because it can only be used in ext2 and ext3 partition formats. Others, such as xfs and jfs, cannot be used directly and can only be used after modification.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.