I just discovered Grav, and decided to test it on my VPS. I’m trying to install it, following instructions in documentation. Now I’m in the section Basic->Requirements->Permissions. I found user running my www-server and group it belongs to. Now I’m going to change permissions, and I have a question concerning this. Documentations lists this sequence of commands:
chgrp -R GROUP .
find . -type f | xargs chmod 664
find ./bin -type f | xargs chmod 775
find . -type d | xargs chmod 775
find . -type d | xargs chmod +s
Is there any reason not to do this instead:
chown -R USER:GROUP .
???
None of those following “find…” commands would be necessary if I just changed user to the one running web-server (instead of group), because all files are already 644 and dirs 755 (so owner could modify/run them). And playing with sticky-bits is quite dangerous, it should be avoided whenever possible…
Fixing owner/group is part of that “simple way”. Because if you download & unzip package as ordinary user, all files (after unzipping) will be owned by that user. And if your web-server is not running as root (and it should not!) then it can not modify files of other user…
What I do not understand is why official documentations recommends changing just group (and mode-bits) instead of simply changing owner. Those 5 commands can be substituted by single one, and it is much safer than playing with set-uid…
) then you have to let your webserver modify the files in the webroot.