Web Development Made Easy – Setting Permissions for Direct Editing

When developing web sites it is important to make small incremental changes and test often.  I’m a big believer in this mantra mostly because I seldom get it right the first time and I need to know where the break actually occurred.  Since I am constantly testing after my incremental changes the time spent uploading changes to the website adds to the development time significantly.  This makes it way too tempting to make large chunks of changes to cut down on the upload steps.  After all, it’s much easier to find the missing curly brace or extra semicolon in one small section of code then it is the entire script.

Therefore, I found it beneficial to set up my environment so I can edit the files directly on the server.

I’m not suggesting that you make a practice of directly editing the files of your “production” version of your website.  Instead, I suggest you have a “test” version of your website that you can edit, save, and test all within a few quick seconds.  As a side note, I’ll be covering how to sync your test server to the production server in another post.

By default, linux and apache have some pretty strict security by default on the web server root directory…And we want to keep it that wasy.  The remainder of this post will show how you can change the ownership properties of these files so only you and the web server or root will have permissions to edit or delete them.

Here are the steps we will be taking:

1.  Create a new group
2.  Add yourself to this group
3.  Change ownership of the files in the web root directory (likely /var/www/).
4.  Create a samba share (If you prefer to edit from another PC).

Create a new group

This new group that we will be creating will be the new owners of all files in the /var/www directory so we will want to keep the name somewhat generic like “web_editor”

groupadd www-pub

Add yourself to this group

usermod -a -G www-pub username

You will need to log out and back in again in order for the group changes to take effect. After you log back in, check your groups:

groups username

Change ownership of the files in the web root directory

sudo chown -R www-data:www-pub /var/www

Set permissions for the root folder at 2775.

  • 2=set group id.
  • 7=rwx for owner, which is www-data in this case.
  • 7=rwx for group, which is www-pub in this case.
  • 5=rx for eeryone.

sudo chmod 2775 /var/www

Then set the 2775 permissions for all directories:

sudo find /var/www -type d -exec chmod 2775 {} +

Then finally, set the permissions for all of the files.

sudo find /var/www -type f -exec chmod 0664 {} +

Create a script to change permissions site-wide
Sometimes the permissions of files in the web root may get out of whack due to editing, copy and pasting, extracting from archives, etc.  I like to script out the permissions so I know when I run it all files in the root have the proper ownership and permissions.

Create a Samba Share

If you plan on editing files from another PC (Windows or Linux), you will need to set up some sort of share.  I like to use Samba shares since I can connect with any of my PC’s, regardless of OS.  To set up a Samba share, you will need to edit /etc/samba/smb.conf

sudo nano /etc/samba/smb.conf

Press CTRL and W at the same time to open a search dialog.  Type in “Share Definitions” and press ENTER.  This will take you to the section where current network shares are listed.  Make the following entry:

comment = Web Server Folders
path = /var/www
browseable = yes
read only = no
create mask = 0664
directory mask = 2775

Press CTRL and X at the same time to close the file.  Confirm save.

Now that the Samba share is created, we will need to restart the Samba service.  At the command prompt, type in the following and press ENTER.

sudo service smbd restart

At this point, you should have a new share called “www”.  You may need to type this directly into your explorer window in order to access it (for example:  \\servername\www\).  In other words, you may not be able see it when browsing network folders.

Leave a Reply

Your email address will not be published. Required fields are marked *