EC2 用户权限 [英] EC2 user permissions

问题描述

我刚刚设置了我的第一个 AWS EC2 服务器实例，但遇到了上传图片脚本的权限问题.var/www"(和所有子目录)所有者是ec2-user"，但是 apache 服务器作为apache"运行.因此，由 php 脚本(使用 mkdir)动态创建的所有目录都将 'apache' 作为所有者(它似乎没有写权限)我当然可以将 apache 用户更改为ec2user"，但我担心这可能存在安全风险.这样做的正确方法是什么?感谢您的帮助.

I just set up my first instance of AWS EC2 server and I'm running into an issue with permissions on a script uploading pictures. 'var/www' (and all subdirectories) owner is 'ec2-user' however the apache server is running as 'apache'. Therefore all directories created dynamically by the php script (using mkdir) have 'apache' as the owner (which it seems doesn't have write permissions) I could certainly change the apache user to 'ec2user' but I'm worried that might be a security risk. What's the correct way of doing this? Thanks for your help.

推荐答案

这是一个纯粹的 Linux 权限问题，而不是 AWS 问题.我刚刚创建了一个 Amazon Linux 实例并在/var

This is a pure Linux permission problem, not an AWS problem. I just created an Amazon Linux instance and verified permissions in /var

 [ec2-user@ip-1-1-1-174 ~]$ ls -ald /var/www
 drwxr-xr-x 7 root root 4096 Oct 22 23:34 /var/www

如您所见，所有权是 root 而不是 ec2-user.您应该首先了解什么/为什么您看到 /var/www/ 到 ec2-user

As you see, ownership is root and not ec2-user. You should understand first what / why you see permission on /var/www/ to ec2-user

如果需要再次更改那个目录的所有者，可以输入:

Should need to change the owner of that directory again, you can type :

 chown -R root:root /var/www

让您的 Web 服务器 (httpd) 写入 /var/www 或以提升的权限(例如 root)运行该进程不是最佳做法.如果您的应用程序真的写入本地存储，请使用不同的卷，安装在单独的目录中，其中没有可用的可执行文件.

It is not a best practice to let your web server (httpd) write to /var/www nor to run that process with elevated privileges (such as root). Should your app really write to the local storage, use a different volume, mounted in a separate directory, where no executable are available.

这篇关于EC2 用户权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！