loading...
Cover image for SOLVED: Raspberry Pi Permissions

SOLVED: Raspberry Pi Permissions

katieadamsdev profile image Katie Adams Updated on ・1 min read

Hello folks!

I'm looking for some help with a Raspberry Pi project I'm working on.

It's a Raspberry Pi 3 Model B+ running Raspbian and Apache server. Everything to do with Apache is up and running - as in I can see the generatde index.html file and edit it in Geany with the gksudo command.

However, my next step is to set up the rest of the web app within the /var/www/html folder. I cannot seem to do this because of permissions. The folder is owned by root and has a group of root.

I've scoured the web and StackOverflow but can't seem to find any solution that either:
A) is the definitive best practice for security
B) make sense to a Raspbian newbie like me
C) works

I decided to pose my question here. What is a secure way to grant myself editing rights to the /var/www/html folder that doesn't violate security rules? Any sort of explanation that you could offer with regards to what the command is doing too would be very appreciated. I'd like to know what's going on so I can learn from it. XD

Posted on by:

katieadamsdev profile

Katie Adams

@katieadamsdev

Web developer at Greggs, UK with a proficiency in VueJS, among other JavaScript frameworks. I'm also passionate about web design, and mobile app development.

Discussion

pic
Editor guide
 

The usual principle is that of 'separation of concerns': ensuring that the web server is unable to modify any files (it only needs to read them back to the client), while a selected group of user accounts, possibly only your own, can create/update them.

Being based on Debian, Raspbian will run the web server as user 'www-data' and group 'www-data'. Thus the contents of /var/www/html should be readable by that user/group - it usually is by default since folders and files in /var/www/html have 'other' read permission already. To grant yourself rights to create/update files you can do a couple of things:

  • take ownership yourself, the easiest and probably most likely action:

    sudo chown -R <yourlogin> /var/www/html

  • create a group with yourself and other editors in, permit members of that group to change/update files, useful if you will be sharing file updates with other users:

    sudo addgroup <editorsgroup>
    sudo adduser <yourlogin> <editorsgroup>
    sudo adduser <otherlogin> <editorsgroup>
    sudo chgrp -R <editorsgroup> /var/www/html
    sudo chmod -R g+w /var/www/html

Another good principle is that of least privilege, avoid doing things 'as root', thereby reducing the risk that a mistyped command or malicious script you just grabbed from the 'net can do significant harm. Instead provide yourself (or others) with just enough privilege to get something done in a limited area, as suggested above.

 

This worked! Thank you so much - and your explanation is perfect, exactly what I needed.

If I might ask you one more question: in that last line, what do the -R g+w parameters do? Everything else I understand.

You're the best!!!

 

Hi Katie, glad that all worked :)

the -R means 'recursive', hence the change applies down through all files and folders from the starting point

the 'g+w' means 'group, add write', thus it permits anyone in a group to write to the files/folders this command applies to.

Ah, I understand now. I cannot thank you enough, Phil. :D

 

chmod -R +w /var/www/html should do the trick.

 

Hi there - that was really helpful. For separation of concerns, I paired this with the steps of another answer but this really help :D

 

I think I am facing a similar problem here. I'm trying to install the pip library in my raspberry pi but it keeps failing. Decided to increase the size in my etc/dphys-swapfile folder but i keep seeing the error message which says operation not permitted. I need help giving permission access to my user pi because it seems all remote access belongs to the user root. I have tried all other possible methods but it won't work

ANY HELP GUYS???