grouping users for folder write permission

Published on 26 Nov 2014

Previously, I configured nginx and Transmission inside a Docker instance. There was no serious problem with permissions, maybe because everything was done as the root user. I just purchased a new VPS and am using a non-root user, and then things started getting weird.

the setup

Transmission-daemon (user: debian-transmission) is the torrent service, serving its UI through a web interface. Because I don’t want to SFTP in to download things from there or to set up an FTP service, I set up nginx (user: www-data) to serve a directory listing by using a PHP script called Directory Lister. It is quite an active project FYI.

the problem with the original setup

Let’s say that Transmission’s download folder is located at ~/downloaded. What I usually do is (credit to Matthew Manning):

sudo chown $USER:debian-transmission ~/downloaded
sudo chmod g+w ~/downloaded

But the problem with this setup is that if nginx is serving the folder ~/downloaded as declared in its vHost file, very likely when you try to access it from the web browser it will return Error 403. If you give nginx (www-data) the permission to write into the ~/downloaded folder the same way, by making www-data the folder's group, that will remove the ability of debian-transmission to write into that folder, since a folder has only one owning group.

How to fix this?

assign 2 users into a new group

Fun fact 1: a user in Linux can belong to more than one group. That’s convenient!

I am suggesting a fix where we create a new group, then add www-data and debian-transmission to that group. Create a new group with the name newgroup or whatever name you prefer by using the groupadd command, then add the 2 users to that group by using the usermod command. Keep the -a flag: it appends the group, whereas -G on its own replaces the user's existing supplementary groups.

$ sudo groupadd newgroup
$ sudo usermod -a -G newgroup www-data
$ sudo usermod -a -G newgroup debian-transmission

Now all that’s left is to set the permissions on that directory.

$ sudo chgrp -R newgroup /path/to/directory
$ sudo chmod -R 770 /path/to/directory

chmod 770 means:

rwxrwx--- (symbolic)
User: read, write and execute
Group: read, write and execute
Others: no permission
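A narrower variant of the chmod -R 770 step, as an added example that is not part of the original post: chmod -R 770 also sets the execute bit on every downloaded file, and files Transmission creates later get its primary group rather than newgroup. The function names below are hypothetical, and the script assumes GNU coreutils and findutils as shipped on Debian/Ubuntu.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumes GNU stat/find/chgrp (Debian/Ubuntu). Function names are made up here.

# share_tree DIR GROUP
#   Hand DIR to GROUP without marking every file executable.
#   directories -> 2770 (rwxrws---): members can list, enter and create
#                  entries; the setgid bit makes new entries inherit GROUP
#   files       -> 660  (rw-rw----): read/write only, no execute bit
share_tree() {
    dir=$1
    group=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    chgrp -R "$group" "$dir" || return 1
    find "$dir" -type d -exec chmod 2770 {} + || return 1
    find "$dir" -type f -exec chmod 660 {} +
}

# mode_of PATH: print the octal mode, e.g. 2770
mode_of() {
    stat -c '%a' "$1"
}

# audit_tree DIR GROUP
#   Print every entry that deviates from the policy above (wrong group,
#   directory not 2770, regular file not 660). Prints nothing when clean,
#   so it can run from cron to catch permission drift.
audit_tree() {
    find "$1" \( ! -group "$2" \
        -o \( -type d ! -perm 2770 \) \
        -o \( -type f ! -perm 660 \) \) -print
}

# Typical use, as root, with the group created earlier:
#   share_tree /path/to/directory newgroup
#   audit_tree /path/to/directory newgroup
```

Group membership is read when a process starts, so nginx and transmission-daemon have to be restarted before the new group applies to them.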

quick tips

To see which users exist on your box, run this command: compgen -u. To see the groups, run this command: compgen -g. compgen is a bash builtin, and its output is cleaner than cat /etc/passwd.

Thanks to these Q&A threads on SuperUser and AskUbuntu