Permissions
We strongly recommend setting proper permissions on your conf and src folders. We set the following permissions in our base AMI.
chown root:root /var/www/webapp
setfacl -R -d -m u:admin:rwx /var/www/webapp
setfacl -R -d -m g:www-data:rx /var/www/webapp
setfacl -R -d -m o::--- /var/www/webapp
setfacl -R -m u:admin:rwx /var/www/webapp
setfacl -R -m g:www-data:rx /var/www/webapp
setfacl -R -m o::--- /var/www/webapp
This will make the files:
- owned by root
- read-only for the group www-data
- writeable by the user admin
You’ll probably want to grant write permissions on some folders (files uploaded by users?). We recommend doing this in autorun.sh. Keep in mind that autorun.sh is run as the admin user, so you’ll need to use sudo.
sudo setfacl -R -d -m u:admin:rwx /var/www/webapp/src/user_uploads/
sudo setfacl -R -d -m g:www-data:rwx /var/www/webapp/src/user_uploads/
sudo setfacl -R -d -m o::--- /var/www/webapp/src/user_uploads/
sudo setfacl -R -m u:admin:rwx /var/www/webapp/src/user_uploads/
sudo setfacl -R -m g:www-data:rwx /var/www/webapp/src/user_uploads/
sudo setfacl -R -m o::--- /var/www/webapp/src/user_uploads/
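
To check that a deployed tree still matches the policy above, the following added example (not part of the original page or the project's tooling) parses `getfacl -R -p` output and reports any path where www-data has effective write access outside the upload folder, or where "other" has any access. The function names `audit_acl` and `sample_acl` and the sample listing are constructed for illustration.

```shell
# Added example, not from the original page: flag ACL drift in getfacl output.
# Real use (assumption): getfacl -R -p /var/www/webapp | audit_acl /var/www/webapp/src/user_uploads/
audit_acl() {  # $1 = the only directory where www-data may write
  awk -v writable="$1" '
    BEGIN { sub(/\/+$/, "", writable) }
    function report() {
      if (file == "") return
      gsub(/\/+/, "/", file); sub(/\/$/, "", file)
      # A named-group entry only takes effect where the mask also grants it.
      if (grp ~ /w/ && (mask == "" || mask ~ /w/) && index(file "/", writable "/") != 1)
        print "www-data-writable: " file
      if (other != "" && other != "---")
        print "other-accessible: " file
      file = ""; grp = ""; mask = ""; other = ""
    }
    /^# file: /        { report(); file = substr($0, 9); next }
    /^group:www-data:/ { split($0, f, ":"); grp = substr(f[3], 1, 3); next }
    /^mask::/          { mask = substr($0, 7, 3); next }
    /^other::/         { other = substr($0, 8, 3); next }
    END                { report() }
  '
}

sample_acl() {  # constructed getfacl -R -p output, trimmed to the relevant entries
  cat <<'EOF'
# file: /var/www/webapp/conf/app.ini
user:admin:rwx
group:www-data:r-x
mask::rwx
other::---

# file: /var/www/webapp/src/cache
user:admin:rwx
group:www-data:rwx
mask::rwx
other::---

# file: /var/www/webapp/src/user_uploads/a.png
user:admin:rwx
group:www-data:rwx
mask::rwx
other::---

# file: /var/www/webapp/src/debug.log
user:admin:rwx
group:www-data:rw-
mask::r-x
other::r--
EOF
}
```

On the sample listing, `sample_acl | audit_acl /var/www/webapp/src/user_uploads/` reports src/cache as writable by www-data and src/debug.log as accessible to other. debug.log is not reported as writable because its mask removes the write bit.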