How to Check File Ownership in Linux and Fix Permission Issues for Web Servers



When dealing with web server file permissions, the first step is always to check existing ownership. The ls -l command reveals file permissions and ownership:

ls -l /var/www/new-user/uploads/example.txt
-rw-r--r-- 1 new-user new-user 1024 Jan 10 14:30 example.txt

The output shows the owner (new-user) and group (also new-user in this case). For web servers, files typically need to be readable by the www-data user/group.

To diagnose why /var/www/john works while /var/www/new-user doesn't:

ls -ld /var/www/john /var/www/new-user
drwxr-xr-x 5 john www-data 4096 Jan 5 10:15 /var/www/john
drwxr-xr-x 5 new-user new-user 4096 Jan 10 14:25 /var/www/new-user

The key difference here is the group ownership - john's directory has www-data group while new-user's doesn't.

For Apache/Nginx to serve files, the web server user needs read access to them. The following ownership and mode changes provide it:

sudo chown -R new-user:www-data /var/www/new-user
sudo chmod -R 750 /var/www/new-user
sudo find /var/www/new-user -type d -exec chmod 2750 {} \;

This configuration:

  • Sets owner as new-user and group as www-data
  • Gives owner rwx, group r-x, others no access
  • Sets SGID bit (2) to ensure new files inherit group
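
To verify that a tree actually ends up in the layout described above, the audit below (an added example, not part of the original article) reports paths with the wrong group, directories missing SGID, any access for others, and paths the group cannot read. The function names and finding labels are made up for this example, and the demo runs on a constructed temporary tree, using that tree's own group in place of www-data.

```shell
#!/bin/sh
# Added example: audit a web root against the owner:group / 750 / SGID layout.

# audit_webroot DIR [GROUP]: print one finding per line; return 1 if any exist.
audit_webroot() {
    root=$1
    group=${2:-www-data}    # web server group as named on this page
    findings=$(
        # Wrong group: the web server gets no access through the group bits.
        find "$root" ! -group "$group" -print | sed 's/^/WRONG_GROUP /'
        # Directory without SGID: files created in it will not inherit the group.
        find "$root" -type d ! -perm -2000 -print | sed 's/^/NO_SGID /'
        # Any permission bit for "others": wider than mode 750 allows.
        find "$root" \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
            sed 's/^/OTHER_ACCESS /'
        # No group read bit: the web server cannot read this path.
        find "$root" ! -perm -040 -print | sed 's/^/GROUP_NO_READ /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_sample_tree: build a constructed tree with three deliberate deviations.
# Modes are set on children first, because directories created inside an SGID
# directory inherit the bit.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/uploads"
    : > "$t/index.html"; : > "$t/private.txt"; : > "$t/uploads/a.txt"
    chmod 640 "$t/index.html"      # group-readable, nothing for others
    chmod 600 "$t/private.txt"     # deviation: group cannot read
    chmod 644 "$t/uploads/a.txt"   # deviation: readable by others
    chmod 750 "$t/uploads"         # deviation: SGID missing
    chmod 2750 "$t"                # directory mode used on this page
    printf '%s\n' "$t"
}

# Demo on the constructed tree. The tree's numeric group id stands in for
# www-data, which may not exist on the machine running this.
tree=$(make_sample_tree)
audit_webroot "$tree" "$(ls -ldn "$tree" | awk '{print $4}')" || echo "deviations found"
rm -rf "$tree"
```

On a real server, run it as `audit_webroot /var/www/new-user www-data` with enough privilege to read the whole tree.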

For upload directories, consider adding this to your deployment script:

# Set ACL for uploads directory
sudo setfacl -Rm u:www-data:rx,d:u:www-data:rx /var/www/new-user/uploads
sudo setfacl -Rm g:www-data:rwx,d:g:www-data:rwx /var/www/new-user/uploads

This ensures:

  • www-data can read/execute directories
  • www-data group has full access to uploaded files
  • Default ACLs maintain permissions for new files

When working with web servers like Apache or Nginx, understanding file ownership is crucial. The standard web server user is typically www-data, and files need proper permissions to be served correctly.

The primary way to check file ownership is using ls -l:

ls -l /var/www/new-user/example.txt
-rw-r--r-- 1 new-user new-group 1234 Jun 10 15:30 example.txt

The output shows the owner (new-user) and group (new-group) of the file.

To compare ownership between your working directory (/var/www/john) and the problematic one:

ls -la /var/www/john > john_perms.txt
ls -la /var/www/new-user > newuser_perms.txt
diff john_perms.txt newuser_perms.txt

For web-accessible files, you typically want www-data to have read access at minimum. Here are two options:

Option 1: Change Owner to www-data

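sudo chown -R www-data:www-data /var/www/new-user

With this option the web server process owns, and can therefore modify, every file under the directory.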

Option 2: Add User to www-data Group

sudo usermod -a -G www-data new-user
sudo chown -R new-user:www-data /var/www/new-user
find /var/www/new-user -type d -exec chmod 775 {} \;
find /var/www/new-user -type f -exec chmod 664 {} \;

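To ensure new files created by new-user have proper permissions, set the umask in that user's shell profile (~/.profile is assumed here). umask is a shell builtin that only affects the shell it runs in, so it cannot be applied through sudo directly:

sudo -H -u new-user sh -c 'echo "umask 0002" >> "$HOME/.profile"'

This ensures files new-user creates in later login sessions get group write permissions.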

If uploaded files still aren't visible:

# Check Apache error logs
sudo tail -f /var/log/apache2/error.log

# Verify SELinux context if applicable
ls -Z /var/www/new-user