Webserver file permissions for development environments

Some commands to realign the file permissions for linux-based Magento development environments.
created by on 2013-01-08

Steps for a Magento installation on Ubuntu Linux:

  1. Create a runtime user group
  2. Addd all developers and the apache user to this group
  3. Make the apache user the owner of the website
  4. Assign the group ownership of the website to the new runtime user group
  5. Set appropiate permissions
  6. Make sure the group ownership is inherited for newly created files and folders

Example code:

# Create a runtime user group
sudo addgroup "magento-runtime"

# Assign user to the new runtime user group
sudo adduser developer1 magento-runtime
sudo adduser www-data magento-runtime

# Assign the ownership of all files and directories to the apache user "www-data"
sudo chown www-data -R /var/www/vhosts/magento-admin-dev.example.com

# Assign the group ownership to the "magento-runtime" group
sudo chgrp magento-runtime -R /var/www/vhosts/magento-admin-dev.example.com

# Assign permissions on all directories (Owner: full access, Group: full access, Others: read and execute)
sudo find /var/www/vhosts/magento-admin-dev.example.com -type d -exec chmod 775 {} \;

# Assign permissions on all files (Owner: read and write, Group: read and write, Others: read)
sudo find /var/www/vhosts/magento-admin-dev.example -type f -exec chmod 664 {} \;

# Set the stick-bit to inherit the group ownership to new files and folders
sudo chmod g+s /var/www/vhosts/example

Moving the sample code into a shell script:

set-webserver-group-permissions.sh

#!/bin/bash

wwwfolder=/var/www/vhosts/magento-dev.arvato-hightech-ecommerce.com

groupname="magento-runtime"
developmentuser=dev
webserveruser=www-data

# Create a runtime user group
sudo addgroup $groupname

# Assign user to the new runtime user group
sudo adduser $developmentuser $groupname
sudo adduser $webserveruser $groupname

# Assign the ownership of all files and directories to the apache user "www-data"
sudo chown www-data -R $wwwfolder

# Assign the group ownership to the "magento-runtime" group
sudo chgrp magento-runtime -R $wwwfolder

# Assign permissions on all directories (Owner: full access, Group: full access, Others: read and execute)
sudo find $wwwfolder -type d -exec chmod 775 {} \;

# Assign permissions on all files (Owner: read and write, Group: read and write, Others: read)
sudo find $wwwfolder -type f -exec chmod 664 {} \;

# Set the stick-bit to inherit the group ownership to new files and folders
sudo chmod g+s $wwwfolder

Links

Tags:
Fork allmark on GitHub