Permissions

We strongly recommend setting proper permissions on your conf and src folders. We set the following permissions in our base AMI.

chown root:root /var/www/webapp

setfacl -R -d -m u:admin:rwx /var/www/webapp
setfacl -R -d -m g:www-data:rx /var/www/webapp
setfacl -R -d -m o::--- /var/www/webapp

setfacl -R -m u:admin:rwx /var/www/webapp
setfacl -R -m g:www-data:rx /var/www/webapp
setfacl -R -m o::--- /var/www/webapp

This makes the files:

  • owned by root

  • read-only for the group www-data

  • writable by the user admin

You’ll probably want to grant write permissions on some folders (for example, for files uploaded by users). We recommend doing this in autorun.sh. Keep in mind that autorun.sh is run as the admin user, so you’ll need to use sudo.

sudo setfacl -R -d -m u:admin:rwx /var/www/webapp/src/user_uploads/
sudo setfacl -R -d -m g:www-data:rwx /var/www/webapp/src/user_uploads/
sudo setfacl -R -d -m o::--- /var/www/webapp/src/user_uploads/

sudo setfacl -R -m u:admin:rwx /var/www/webapp/src/user_uploads/
sudo setfacl -R -m g:www-data:rwx /var/www/webapp/src/user_uploads/
sudo setfacl -R -m o::--- /var/www/webapp/src/user_uploads/
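
To confirm that the ACLs on a host match the policy described above, the following added example (not part of the original page) parses the output of getfacl -R -p and reports any entry that grants access to other, or grants write to the group www-data outside user_uploads. The function names and the sample ACL listing are constructed for illustration.

```shell
# Added example, not the page's code: audit `getfacl -R -p` output against the
# policy above (no access for "other"; www-data writes only under uploads).
UPLOAD_DIR="/var/www/webapp/src/user_uploads"

audit_acl() {
    # Reads getfacl text on stdin; prints one VIOLATION line per bad entry.
    # Entries are judged as written, ignoring any "#effective:" mask comment.
    awk -v up="$UPLOAD_DIR" '
        /^# file: / { path = substr($0, 9); next }
        /^#/ || /^$/ { next }
        {
            scope = "access"; line = $0
            if (sub(/^default:/, "", line)) scope = "default"
            split(line, f, ":")
            perms = substr(f[3], 1, 3)
            in_up = (path == up || index(path, up "/") == 1)
            if (f[1] == "other" && perms != "---")
                printf "VIOLATION %s %s other=%s\n", path, scope, perms
            if (f[1] == "group" && f[2] == "www-data" && index(perms, "w") && !in_up)
                printf "VIOLATION %s %s group:www-data=%s\n", path, scope, perms
        }'
}

sample_acl() {
    # Constructed getfacl output (not captured from a real host).
    cat <<'EOF'
# file: /var/www/webapp/src/index.php
# owner: root
user:admin:rwx
group:www-data:r-x
other::---

# file: /var/www/webapp/conf/app.ini
group:www-data:r-x
other::r--

# file: /var/www/webapp/src/user_uploads
group:www-data:rwx
other::---
default:group:www-data:rwx

# file: /var/www/webapp/src/lib
group:www-data:rwx
other::---
default:group:www-data:rwx
EOF
}
# On a real host: getfacl -R -p /var/www/webapp | audit_acl
sample_acl | audit_acl
```

An empty result means every listed entry matches the policy; the default-scope lines matter because they decide what newly created files inherit.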