re: SOLVED: Raspberry Pi Permissions VIEW POST

FULL DISCUSSION
 

The usual principle is that of 'separation of concerns': ensuring that the web server is unable to modify any files (it only needs to read them back to the client), while a selected group of user accounts, possibly only your own, can create/update them.

Being based on Debian, Raspbian will run the web server as user 'www-data' and group 'www-data'. Thus the contents of /var/www/html should be readable by that user/group - it usually is by default since folders and files in /var/www/html have 'other' read permission already. To grant yourself rights to create/update files you can do a couple of things:

  • take ownership yourself, the easiest and probably most likely action:

    sudo chown -R <yourlogin> /var/www/html

  • create a group with yourself and other editors in, permit members of that group to change/update files, useful if you will be sharing file updates with other users:

    sudo addgroup <editorsgroup>
    sudo adduser <yourlogin> <editorsgroup>
    sudo adduser <otherlogin> <editorsgroup>
    sudo chgrp -R <editorsgroup> /var/www/html
    sudo chmod -R g+w /var/www/html

Another good principle is that of least privilege, avoid doing things 'as root', thereby reducing the risk that a mistyped command or malicious script you just grabbed from the 'net can do significant harm. Instead provide yourself (or others) with just enough privilege to get something done in a limited area, as suggested above.

 

This worked! Thank you so much - and your explanation is perfect, exactly what I needed.

If I might ask you one more question: in that last line, what do the -R g+w parameters do? Everything else I understand.

You're the best!!!

 

Hi Katie, glad that all worked :)

the -R means 'recursive', hence the change applies down through all files and folders from the starting point

the 'g+w' means 'group, add write', thus it permits anyone in a group to write to the files/folders this command applies to.

Ah, I understand now. I cannot thank you enough, Phil. :D

code of conduct - report abuse