File permissions - 2022 (WordPress)

Uit De Vliegende Brigade
Naar navigatie springen Naar zoeken springen

This article is an extension of Mappen, bestanden & rechten - 2021 (WordPress). The reason for this expansion: As of March 2022, I will no longer be the only one working on the relevant web servers

The problem

In the previous iteration of this permissions system, permissions were configured as follows:

  • Apache: via group (www-data)
  • Administrator: Via owner - That was me myself
  • Others: No rights whatsoever.

Why this no longer works:

  • An administrator has been added, who works under his own name. He does not have any access to folders or files
  • The problem wouldn't be there, if he/she logs in with the same name as me - The situation on CloudWays servers.

Solutions - Long list

  1. All admins log in with the same account - Not a good idea, if only because of the GDPR and the importance of being able to trace actions to individuals
  2. Administrators are added to the group www-data
  3. Administrator rights are controlled via group and Apache rights via Others. Nothing is done with Owner
  4. When an administrator needs to work with an instance owned by the other administrator: First take ownership of all objects with chown. Bit of overkill, but it's finally a solution
  5. Something with ACL?
  6. Settings or scripts that work with default settings for new objects?
  7. has this article about permissions. Maybe there's something interesting in there?

Add admins to www-data

I've added admins to this group - Will it really be so easy?

See also