A common headache in web development for linux novices are permissions and groups. Maybe by now you know that the www-data user owns Apache’s /var/www files and folders. Why is that important?
Ever had the need to compress your applications files? Maybe you use Gulp or Grunt.
Regardless, we’ve all been met with this:
sudo gulp --production
…and then nothing. You go to view your page and you’re staring at a blank screen.
We need permission from super user to run gulp but we’ve left ourselves with a mess:
$ ls -lA -rw-r--r-- 1 root root 1646 Sep 23 02:27 artisan drwxrwsr-x 3 root root 4096 Sep 23 02:27 bootstrap
So what do we do, time and time again?
$ sudo chown www-data:www-data fusiondesign.app/ -R $ sudo chmod 775 fusiondesign.app/ -R
and everything is good with life again.
Ubuntu and Debian come out of the box with
pam_umask. Pam gives you an environment variable in
/etc/login.defs. Setting umask to 0002 tells your computer to only worry about the world and stop changing group membership and ownership.
…umask is a command that determines the settings of a mask that controls how file permissions are set for newly created files. It also may refer to a function that sets the mask.
— Wikipedia https://en.wikipedia.org/wiki/Umask
So how about when we use sudo?
Use the above command to edit the sudoers file. Then add the following line to the bottom of the file:
* Make sure to reboot or relog after this.
And finally, lets make sure Apache plays nice.
sudo vim /etc/apache2/envvars
You’ll want to open up
/etc/apache2/envvars with your favorite text editor and add/change the following line to:
sudo service apache2 restart
Recap & Cleanup
We updated the umask for our user, the apache user, and our sudoer. This will leave your files untouched when working in
/var/www and throughout your system.
In our next post we’ll be discussing permissions and the default