DEV Community

Cover image for SOLVED: Raspberry Pi Permissions
Katie Adams
Katie Adams

Posted on • Edited on

SOLVED: Raspberry Pi Permissions

Hello folks!

I'm looking for some help with a Raspberry Pi project I'm working on.

It's a Raspberry Pi 3 Model B+ running Raspbian and Apache server. Everything to do with Apache is up and running - as in I can see the generatde index.html file and edit it in Geany with the gksudo command.

However, my next step is to set up the rest of the web app within the /var/www/html folder. I cannot seem to do this because of permissions. The folder is owned by root and has a group of root.

I've scoured the web and StackOverflow but can't seem to find any solution that either:
A) is the definitive best practice for security
B) make sense to a Raspbian newbie like me
C) works

I decided to pose my question here. What is a secure way to grant myself editing rights to the /var/www/html folder that doesn't violate security rules? Any sort of explanation that you could offer with regards to what the command is doing too would be very appreciated. I'd like to know what's going on so I can learn from it. XD

Top comments (7)

Collapse
 
phlash profile image
Phil Ashby

The usual principle is that of 'separation of concerns': ensuring that the web server is unable to modify any files (it only needs to read them back to the client), while a selected group of user accounts, possibly only your own, can create/update them.

Being based on Debian, Raspbian will run the web server as user 'www-data' and group 'www-data'. Thus the contents of /var/www/html should be readable by that user/group - it usually is by default since folders and files in /var/www/html have 'other' read permission already. To grant yourself rights to create/update files you can do a couple of things:

  • take ownership yourself, the easiest and probably most likely action:

    sudo chown -R <yourlogin> /var/www/html

  • create a group with yourself and other editors in, permit members of that group to change/update files, useful if you will be sharing file updates with other users:

    sudo addgroup <editorsgroup>
    sudo adduser <yourlogin> <editorsgroup>
    sudo adduser <otherlogin> <editorsgroup>
    sudo chgrp -R <editorsgroup> /var/www/html
    sudo chmod -R g+w /var/www/html

Another good principle is that of least privilege, avoid doing things 'as root', thereby reducing the risk that a mistyped command or malicious script you just grabbed from the 'net can do significant harm. Instead provide yourself (or others) with just enough privilege to get something done in a limited area, as suggested above.

Collapse
 
katieadamsdev profile image
Katie Adams

This worked! Thank you so much - and your explanation is perfect, exactly what I needed.

If I might ask you one more question: in that last line, what do the -R g+w parameters do? Everything else I understand.

You're the best!!!

Collapse
 
phlash profile image
Phil Ashby

Hi Katie, glad that all worked :)

the -R means 'recursive', hence the change applies down through all files and folders from the starting point

the 'g+w' means 'group, add write', thus it permits anyone in a group to write to the files/folders this command applies to.

Thread Thread
 
katieadamsdev profile image
Katie Adams

Ah, I understand now. I cannot thank you enough, Phil. :D

Collapse
 
tobiassn profile image
Tobias SN

chmod -R +w /var/www/html should do the trick.

Collapse
 
katieadamsdev profile image
Katie Adams

Hi there - that was really helpful. For separation of concerns, I paired this with the steps of another answer but this really help :D

Some comments may only be visible to logged-in visitors. Sign in to view all comments.