How to Check File Ownership in Linux and Fix Permission Issues for Web Servers



When dealing with web server file permissions, the first step is always to check existing ownership. The ls -l command reveals file permissions and ownership:

ls -l /var/www/new-user/uploads/example.txt
-rw-r--r-- 1 new-user new-user 1024 Jan 10 14:30 example.txt

The output shows the owner (new-user) and group (also new-user in this case). For web servers, files typically need to be readable by the www-data user/group.

To diagnose why /var/www/john works while /var/www/new-user doesn't:

ls -ld /var/www/john /var/www/new-user
drwxr-xr-x 5 john www-data 4096 Jan 5 10:15 /var/www/john
drwxr-xr-x 5 new-user new-user 4096 Jan 10 14:25 /var/www/new-user

The key difference here is the group ownership: john's directory belongs to the www-data group, while new-user's does not.

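For Apache/Nginx to serve the files, set the ownership and permissions like this:

sudo chown -R new-user:www-data /var/www/new-user
sudo chmod -R 750 /var/www/new-user
# sudo is needed here too: after the chmod above, only new-user and www-data can enter the tree
sudo find /var/www/new-user -type d -exec chmod 2750 {} \;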

This configuration:

  • Sets owner as new-user and group as www-data
  • Gives owner rwx, group r-x, others no access
  • Sets SGID bit (2) to ensure new files inherit group
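
To confirm that a tree actually matches this layout, the following check can be run after the commands above. It is an added example, not part of the original article. The function names (audit_webroot, make_sample_tree), the finding labels and the sample tree are made up for illustration, and it assumes a POSIX shell with find, sed and mktemp.

```shell
#!/bin/sh
# Added example: audit a web root against the owner:group / 750 / 2750 layout.
# audit_webroot DIR GROUP prints one finding per line and returns 1 if any exist.
audit_webroot() {
    root=$1
    group=$2   # group name or numeric GID the web server runs as
    findings=$(
        # Entries that do not belong to the web server group
        find "$root" ! -type l ! -group "$group" -print | sed 's/^/WRONG_GROUP /'
        # Directories where new files would not inherit the group
        find "$root" -type d ! -perm -2000 -print | sed 's/^/NO_SGID /'
        # Anything "others" can read, write or execute
        find "$root" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
            sed 's/^/OTHER_ACCESS /'
        # Files the group cannot read, directories it cannot list and enter
        find "$root" -type f ! -perm -040 -print | sed 's/^/GROUP_NO_READ /'
        find "$root" -type d ! -perm -050 -print | sed 's/^/GROUP_NO_ENTER /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (hypothetical names), built in a temp dir so the
# script runs without root: cache/ lacks SGID, b.txt is world-readable.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir "$t/uploads" "$t/cache"
    touch "$t/uploads/a.txt" "$t/uploads/b.txt"
    chmod 2750 "$t" "$t/uploads"
    chmod 750 "$t/cache"
    chmod 640 "$t/uploads/a.txt"
    chmod 644 "$t/uploads/b.txt"
    printf '%s\n' "$t"
}

sample=$(make_sample_tree)
audit_webroot "$sample" "$(id -g)" || echo "fix the findings listed above"
rm -rf "$sample"
```

On a real site the call would be audit_webroot /var/www/new-user www-data, run with enough privilege to read the whole tree.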

For upload directories, consider adding this to your deployment script:

# Set ACL for uploads directory
sudo setfacl -Rm u:www-data:rx,d:u:www-data:rx /var/www/new-user/uploads
sudo setfacl -Rm g:www-data:rwx,d:g:www-data:rwx /var/www/new-user/uploads

This ensures:

  • www-data can read/execute directories
  • www-data group has full access to uploaded files
  • Default ACLs maintain permissions for new files

When working with web servers like Apache or Nginx, understanding file ownership is crucial. The standard web server user is typically www-data, and files need proper permissions to be served correctly.

The primary way to check file ownership is using ls -l:

ls -l /var/www/new-user/example.txt
-rw-r--r-- 1 new-user new-group 1234 Jun 10 15:30 example.txt

The output shows the owner (new-user) and group (new-group) of the file.

To compare ownership between your working directory (/var/www/john) and the problematic one:

ls -la /var/www/john > john_perms.txt
ls -la /var/www/new-user > newuser_perms.txt
diff john_perms.txt newuser_perms.txt

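For web-accessible files, you typically want www-data to have read access at minimum. There are two options:

Option 1: Change Owner to www-data

sudo chown -R www-data:www-data /var/www/new-user

With this option the web server process owns every file under the directory and can therefore modify them, including any code it serves.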

Option 2: Add User to www-data Group

sudo usermod -a -G www-data new-user
sudo chown -R new-user:www-data /var/www/new-user
sudo find /var/www/new-user -type d -exec chmod 775 {} \;
sudo find /var/www/new-user -type f -exec chmod 664 {} \;

To ensure new files created have proper permissions:

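# umask is a shell builtin, so sudo cannot run it directly; set it in new-user's login profile
sudo -H -u new-user sh -c 'echo "umask 0002" >> "$HOME/.profile"'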

This ensures new files are created with group write permissions.

If uploaded files still aren't visible:

# Check Apache error logs
sudo tail -f /var/log/apache2/error.log

# Verify SELinux context if applicable
ls -Z /var/www/new-user