Previously, I configured nginx and Transmission inside a Docker instance. There was no serious problem with permissions, maybe because everything was done as the root user. I just purchased a new VPS and am using a non-root user, and then things started getting weird.
the setup
Transmission-daemon (user: debian-transmission) is the torrent service, serving its UI through a web interface. Because I don’t want to SFTP to download things from there or to set up an FTP service, I set up nginx (user: www-data) to serve a directory listing by using a PHP script called Directory Lister. It is quite an active project FYI.
the problem with the original setup
Let’s say that Transmission’s download folder is located at ~/downloaded, what I will usually do is (credit to Matthew Manning):
sudo chown $USER:debian-transmission ~/downloaded
sudo chmod g+w ~/downloaded
But the problem with this setup is that if nginx is serving the folder ~/downloaded as declared in its vHost file, it will very likely return Error 403 when you try to access it from the web browser. Because a directory has only one owner and one group, giving nginx (www-data) the permission to write into the ~/downloaded folder in the same way will remove the ability of debian-transmission to write into that folder.
How to fix this?
assign 2 users into a new group
Fun fact 1: a user in Linux can belong to more than one group. That’s convenient!
I am suggesting a fix where we create a new group, then add www-data and debian-transmission to that group. Create a new group with the name newgroup or whatever name you prefer by using the groupadd command, then add the 2 users to that group by using the usermod command.
$ sudo groupadd newgroup
$ sudo usermod -a -G newgroup www-data
$ sudo usermod -a -G newgroup debian-transmission
Now all that’s left is to set the permissions on that directory.
$ sudo chgrp -R newgroup /path/to/directory
$ sudo chmod -R 770 /path/to/directory
chmod 770 means:
rwxrwx--- (symbolic)
User: read, write and execute
Group: read, write and execute
Others: no permission
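A tighter variant of the two commands above, as an added example that is not part of the original post: chmod -R 770 also marks every downloaded file as executable, so this sketch sets directories to 2770 (setgid, so new downloads inherit the group) and regular files to 660, then audits the tree. The function names share_dir and audit_dir are made up for illustration, and GNU find, chgrp and chmod are assumed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. share_dir and audit_dir are
# hypothetical helper names; GNU find/chgrp/chmod are assumed.

# share_dir DIR GROUP
# Group-own the whole tree, then set directories and files separately.
# Unlike "chmod -R 770", regular files do not get the execute bit.
share_dir() {
    local dir=$1 group=$2
    chgrp -R "$group" "$dir" || return 1
    # 2770: rwx for user and group, nothing for others, plus setgid so
    # files created later by either service inherit GROUP.
    find "$dir" -type d -exec chmod 2770 {} + || return 1
    # 660: read/write for user and group, no execute, nothing for others.
    find "$dir" -type f -exec chmod 660 {} + || return 1
}

# audit_dir DIR GROUP
# Print every file or directory that breaks the scheme:
#   - not owned by GROUP
#   - any permission bit set for "others"
#   - a regular file with an execute bit
#   - a directory missing setgid or group rwx
# Prints nothing when the tree is clean.
audit_dir() {
    local dir=$1 group=$2
    find "$dir" \( -type d -o -type f \) \
        \( ! -group "$group" \
           -o -perm /007 \
           -o \( -type f -perm /111 \) \
           -o \( -type d ! -perm -2070 \) \) -print
}

# Run only when called with two arguments, e.g.:
#   sudo ./share.sh /path/to/directory newgroup
if [ "$#" -eq 2 ]; then
    share_dir "$1" "$2" && audit_dir "$1" "$2"
fi
```

Running processes keep the group list they started with, so Transmission and nginx only pick up membership in the new group after they are restarted.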
quick tips
To see the users on your box, run this command: compgen -u. To see the groups, run this command: compgen -g. The output is cleaner compared to cat /etc/passwd.