Can't access directory I am a group member of

On my web server I have a directory ‘www’ that has the permission drwxrwxr-- and user:group root:www-data so that Apache can access it.

Now I have added my account to the group www-data with

sudo usermod -g www-data myuser

and if I do groups then www-data is among them, but when I try to simply cd into it I get ‘Permission denied’.

If I change the user to ‘myuser’ or set the group to some other group I'm a member of, I can get in.

Am I missing something?


Solution 1:

Your process has its group list set at login time, so you would need to log in again for the change to take effect.

I would also suggest that you add www-data as a supplementary group rather than the primary one (which is set to a group only you are a member of. You should be able to do this with the following commands:

# Reset to your original primary group
sudo usermod -g myuser myuser
# Add an extra supplementary group
sudo usermod --append -G www-data group

If you want files you create to be readable by other members of the www-data group, adjust your umask accordingly:

umask 002

Since your primary group membership is a personal group, this shouldn't affect the security of files you create.

It is also worth setting the setgid bit on directories you'll be creating files in: this will cause files to inherit the group ownership of the parent directory:

chmod g+s www/