httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sage Weaver <>
Subject Re: [users@httpd] Apache 2 ignores setgid directory perms
Date Thu, 01 Dec 2005 15:35:49 GMT
Apache is a member of the staff group, yes, and that seems to have no
effect.  Moreover, the directory in which the file is being created is owned
by the www-data user.

Specifically, I have a "files" directory that is owned by www-data and
grouped to staff:

$ ls -ld files
drwxrwsr-x  2 www-data staff 4096 2005-11-28 13:38 files

But the uploaded file doesn't obey the setgid on the directory:

$ ls -l files/upload.test
-rw-r-----  1 www-data www-data       0 2005-11-28 13:36 files/upload.test

I really need to figure out why this is, and how to fix it.  Does anybody
have a clue?  Have I missed something in the documentation?

On 11/29/05 3:52 PM, "Olaf van der Spek" <> wrote:

> On 11/29/05, Sage Weaver <> wrote:
> I have a Debian 3.1
> server on which I am currently running Apache 2.0.54
> (packaged by Debian)
> and PHP 5.0.3 (compiled from source).
> I have used a couple of web
> applications (CMS software packages) that allow
> me to upload files to a
> specified directory.  That directory has setgid
> permissions on it, so that
> all files created inside it are grouped to staff,
> allowing anyone in that
> group to manipulate the files from the command line
> if need be.
> I have
> found that in every instance, Apache ignores the setgid bit.  All
> files
> created by the web server are owned by www-data (the default user for
> Apache
> on Debian), and grouped to www-data as well, despite the fact that
> the
> directory is grouped to staff.
> Is this behavior intentional?  Can it be
> changed?  If so, how?

Apache runs as www-data (IIRC). Is www-data member of
> group staff? If
not, user www-data can't create files owned by group staff.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message