Hello folks!
I'm looking for some help with a Raspberry Pi project I'm working on.
It's a Raspberry Pi 3 Model B+ running Raspbian and Apache server. Everything to do with Apache is up and running - as in I can see the generatde index.html file and edit it in Geany with the gksudo command.
However, my next step is to set up the rest of the web app within the /var/www/html folder. I cannot seem to do this because of permissions. The folder is owned by root and has a group of root.
I've scoured the web and StackOverflow but can't seem to find any solution that either:
A) is the definitive best practice for security
B) make sense to a Raspbian newbie like me
C) works
I decided to pose my question here. What is a secure way to grant myself editing rights to the /var/www/html folder that doesn't violate security rules? Any sort of explanation that you could offer with regards to what the command is doing too would be very appreciated. I'd like to know what's going on so I can learn from it. XD
Top comments (7)
The usual principle is that of 'separation of concerns': ensuring that the web server is unable to modify any files (it only needs to read them back to the client), while a selected group of user accounts, possibly only your own, can create/update them.
Being based on Debian, Raspbian will run the web server as user 'www-data' and group 'www-data'. Thus the contents of /var/www/html should be readable by that user/group - it usually is by default since folders and files in /var/www/html have 'other' read permission already. To grant yourself rights to create/update files you can do a couple of things:
take ownership yourself, the easiest and probably most likely action:
sudo chown -R <yourlogin> /var/www/html
create a group with yourself and other editors in, permit members of that group to change/update files, useful if you will be sharing file updates with other users:
sudo addgroup <editorsgroup>
sudo adduser <yourlogin> <editorsgroup>
sudo adduser <otherlogin> <editorsgroup>
sudo chgrp -R <editorsgroup> /var/www/html
sudo chmod -R g+w /var/www/html
Another good principle is that of least privilege, avoid doing things 'as root', thereby reducing the risk that a mistyped command or malicious script you just grabbed from the 'net can do significant harm. Instead provide yourself (or others) with just enough privilege to get something done in a limited area, as suggested above.
This worked! Thank you so much - and your explanation is perfect, exactly what I needed.
If I might ask you one more question: in that last line, what do the -R g+w parameters do? Everything else I understand.
You're the best!!!
Hi Katie, glad that all worked :)
the -R means 'recursive', hence the change applies down through all files and folders from the starting point
the 'g+w' means 'group, add write', thus it permits anyone in a group to write to the files/folders this command applies to.
Ah, I understand now. I cannot thank you enough, Phil. :D
chmod -R +w /var/www/html
should do the trick.Hi there - that was really helpful. For separation of concerns, I paired this with the steps of another answer but this really help :D
Some comments may only be visible to logged-in visitors. Sign in to view all comments.