EC2用户权限 [英] EC2 user permissions

问题描述

我刚刚设置了我的第一个AWS EC2服务器实例，却遇到了上传图片的脚本的权限问题. "var/www"(和所有子目录)的所有者是"ec2-user"，但是apache服务器正在作为"apache"运行. 因此，由php脚本(使用mkdir)动态创建的所有目录均以"apache"作为所有者(似乎没有写权限) 我当然可以将apache用户更改为"ec2user"，但我担心这可能会带来安全风险.正确的做法是什么? 感谢您的帮助.

I just set up my first instance of AWS EC2 server and I'm running into an issue with permissions on a script uploading pictures. 'var/www' (and all subdirectories) owner is 'ec2-user' however the apache server is running as 'apache'. Therefore all directories created dynamically by the php script (using mkdir) have 'apache' as the owner (which it seems doesn't have write permissions) I could certainly change the apache user to 'ec2user' but I'm worried that might be a security risk. What's the correct way of doing this? Thanks for your help.

推荐答案

这是一个纯粹的Linux权限问题，而不是AWS问题. 我刚刚创建了一个Amazon Linux实例并在/var

This is a pure Linux permission problem, not an AWS problem. I just created an Amazon Linux instance and verified permissions in /var

 [ec2-user@ip-1-1-1-174 ~]$ ls -ald /var/www
 drwxr-xr-x 7 root root 4096 Oct 22 23:34 /var/www

如您所见，所有权是root而不是ec2-user.您应该首先了解什么/为什么看到/var/www/到ec2-user

As you see, ownership is root and not ec2-user. You should understand first what / why you see permission on /var/www/ to ec2-user

需要再次更改该目录的所有者，您可以输入:

Should need to change the owner of that directory again, you can type :

 chown -R root:root /var/www

最好不要让您的Web服务器(httpd)写入/var/www，也不要以提升的特权(例如root)运行该进程. 如果您的应用程序确实要写入本地存储，请使用安装在单独目录中的其他卷，该目录中没有可执行文件.

It is not a best practice to let your web server (httpd) write to /var/www nor to run that process with elevated privileges (such as root). Should your app really write to the local storage, use a different volume, mounted in a separate directory, where no executable are available.

这篇关于EC2用户权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！