0

I have a folder /home/zain/uploads/hash/

In uploads one of my service which is running with forever-service is creating hash folder and put file inside it ..

problem is, it is creating hash folder and file inside it as root user and 700 access since it is running with forever-service ..

But when I tried to access through my nginx so it give me 403 forbidden ..

my nginx user is opc ..

If I change owner or group manually then I can access to that file.. so I don't want to change permissions manually every time.

How can I solve the problem?

Improve this question
6
  • How do you execute the forever-service? you should change the service user-id to be opc... or update it, to change the output files to be owned by opc Commented Aug 7, 2018 at 10:33
  • @Yaron forever-service must be run as root it give me this error when i tried to run with opc Commented Aug 7, 2018 at 10:37
  • Can you update the service runs by forever-service to execute chown opc -R /home/zain/uploads/hash and/or chmod 755 -R /home/zain/uploads/hash as its last steps? Commented Aug 7, 2018 at 10:42
  • @Yaron nopes i cant edit that script .. and also have a similar thought of creating cronJob which checks new entry of file and changes its permission ... but thats doesnt seems a right way.. Commented Aug 7, 2018 at 10:50
  • cross-posting: askubuntu.com/questions/1063146/… Commented Aug 7, 2018 at 11:28

2 Answers 2

Reset to default
0

I can see two options,

  • Run the service as a different user, but use capabilities. root has been broken up in to many capabilities, if the service is written well (does not, un-necessarily, try to do security, but lets kernel do it), then it should work with capabilities.
  • Use file access control lists, with defaults, so that the other user is added with read (maybe write) permissions.

See What are the different ways to set file permissions etc on gnu/linux for a list of ways that modern Linux does permissions.

Improve this answer
0

It may be sufficient to change the umask of the process creating the files.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.