文件权限;我的www-folder内容应归www-data拥有吗? [英] File permissions; Should my www-folder content be owned by www-data?
问题描述
这可能是一个菜鸟问题,但在任何地方都找不到答案.
This might be a noob question, but can't find an answer anywhere.
我有一个问题,另一个文件权限问题已帮助我ALMOST解决.
I have a problem, which Another file permissions problem have helped me to ALMOST solve.
我已经在具有sudo访问权限的linux( danny )中创建了一个用户. 我还创建了一个新的组,名称ALSO为 danny ,并将用户 danny 添加到了该组. 该组具有sudo(root)访问权限.
I have created a user in linux (danny) which has sudo access. I have also created a new group which name ALSO is danny, and added the user danny to that group. This group has sudo (root) access.
我的所有文件和文件夹都在danny/danny组拥有的 www 文件夹中.
I have all files and folders in my www folder owned by danny/danny group.
我有一个图像上传代码,该代码为 php .此代码无法将图像上传到 www 文件夹下的"图像"文件夹,除非我授予图像文件夹 777 权限.
I have an image-upload code which is php. This code cannot upload images to a folder called "images" folder which is under the www folder, UNLESS I give the images folder 777 permissions.
因此,我按照链接问题的答案进行操作,并确定以" www-data "的身份运行上载脚本的用户.
So, I have followed the answer on the linked question, and have figured out that the user which the upload-script is run as is "www-data".
根据我发布的其他问题的链接上的答案,我需要将 www数据添加到组中...但是我被困在这里...
According to the answer on the link to the other question I posted, I need to add www-data to a group... But I am stuck here...
我应该添加到哪个组?我应该从这里做什么?
Which group should I add to? What should I do from here?
任何提示都值得赞赏.
顺便说一句,这是有关www-data和danny的一些信息
Btw, here is some info about www-data and danny
id www-data:
uid=33(www-data) gid=33(www-data) groups=33(www-data)
id danny
uid=1000(danny) gid=33(www-data) groups=33(www-data)
谢谢,如果您需要更多意见,请告诉我...
Thanks and if you need more input, just let me know...
推荐答案
实际上,您的问题是您需要用户 www-data 拥有对图像的写访问权限文件夹.
Actually, your problem is that you need the user www-data to have write-access to the images folder.
您可能还希望用户 danny 也具有对该文件夹的完全访问权限.
And you probably want user danny to have full access to the folder as well.
附加警告词: 具有可被您的网络服务器写入的文件始终会带来安全风险.确保检查已写入的文件,并确保人们不能上传或更改代码. 概括: *不要让您的网络服务器运行可写或可写文件夹中的脚本. 因此,请确保只有images/文件夹是可写的,并再次检查所写的所有内容实际上都是图像!
Additional word of warning: having files writeable by your webserver is always a security risk. Be sure to check the files that are written, and make sure people can't upload or change code. Summary: * Don't let your webserver run scripts that are writeable, or in a writeable folder. So make sure only the images/ folder is writeable, and doublecheck that everything that is written, is actually an image!
要么:
- 将www-data设置为文件夹的所有者, 和chmod u + rwx www.
- 设置www-data 作为X组的一部分,并更改 该文件夹的所有者为X,并且为chmod g + rwx www.
- 设置文件夹 在您的服务器上是世界可写的(在 在某些情况下,可以接受的解决方案 也是,但安全性较低).
- Set www-data as owner of the folder, and chmod u+rwx www.
- Set www-data as part of a group X, and change the owner of the folder to X, and chmod g+rwx www.
- Set the folder world-writeable on your server (in some cases, an acceptable solution too, but less secure).
这篇关于文件权限;我的www-folder内容应归www-data拥有吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
