AWS Wordpress Configuration for Apache & EC2 User Access - linux

For some time I have been manually switching the ownership of my www/html directory on my EC2 instance between apache and ec2-user, to allow me to switch between installing and updating WordPress plugins and using Coda 2 to upload and update files via FTP.
I have finally reached a point of frustration and am wondering what is the best way to set up my ownership settings on the server to cater for both users having access without having to constantly change the settings.
Here are the commands I use to switch between users:
sudo chown -R apache:apache /var/www/html
sudo chown -R ec2-user /var/www/html
Can someone please advise the safest configurations to avoid constantly switching for the foreseeable future?

Add your user to the same user group as apache.
sudo usermod -a -G apache ec2-user
Then exit your account, then change ownership to include ec2-user in the path:
sudo chown -R ec2-user:apache /var/www

Related

access to folder jenkins workspace for nginx, ubuntu 17

I have a folder web that jenkins manages:
/var/lib/jenkins/workspace/myweb
*jenkins user is the owner
and from nginx I set up the default site with:
root /var/lib/jenkins/workspace/myweb/build;
Before, when the site was in /var/www/html, it was working well, the owner
not now. How can I set up the rights for the web folder to www-data?

You can use the chown command this way:
sudo chown www-data:www-data /var/lib/jenkins/workspace/myweb

Gave nobody user ownership of directory, now missing. Can I revert back by just doing the opposite command?

I upgraded my server from EasyApache 3 to 4 and gained some permission issues. I ran:
chown -R nobody /home/myuser/public_html
on the server, which corrected this. Now that directory is nowhere to be seen in cPanel, but the site is still live.
Can I put the directory back by simply using:
chown -R myuser /home/nobody/public_html when ssh'd in as root?
Self managed server so my host won't help me.
Thanks Brad

Yes, you can change the permission using the command below.
chown -R myuser /home/myuser/public_html

Apache & SFTP permissions on AWS EC2 Linux hosting

Using SSH I've granted access to my SFTP clients user "ec2-user" with the following command:
sudo chown -R ec2-user /var/www/html
However I also need to grant access to Apache which I can do with the following command:
sudo chown -R apache:apache /var/www/html
I assumed this would grant access to both, but this is not the case. How can I apply the command to both ec2-user & Apache at the same time?

When you executed the chown commands, you did the following: first you changed the owner of /var/www/html to ec2-user, and with the next command you changed the owner and owner group to apache. You can set only one owner:owner-group pair on a file or directory or whatever.
You have at least two ways to solve your task:
1. usermod -a -G apache ec2-user - this will add user ec2-user to the apache group. After that, make sure that the permissions allow apache group members to manipulate files and directories as you need.
2. Create a subdirectory in /var/www/html with owner set to ec2-user and group set to the main apache group, and make sure that Apache can access it. You can configure it as a VirtualHost to separate it from the original DocumentRoot.
Also, you have to set the ec2-user home directory to /var/www/html, because even if it has rights to access /var/www/html, it isn't necessary that it can access /var or /var/www.

These instructions helped me to get this up and running very easily:
https://devanswers.co/configure-sftp-web-server-document-root/
Here's a cached version:
https://web.archive.org/web/20201203122712/https://devanswers.co/configure-sftp-web-server-document-root/
The idea here is to create a group like sftp_users and then set permissions for that group, adding the user to that group (the link above details all configurations and setup very well).

Cherokee: accessing uwsgi configuration file

I'm running into a permissions problem with Cherokee+uWSGI on Ubuntu Server 13.10 intended for a Django production environment. When I start uWSGI manually as root user prior to launching cherokee, everything goes smooth:
sudo uwsgi --ini /home/instytut21/instytut21l/instytut21/uwsgi.ini
But when I try to access the site through the server (running as www-data) without that, I keep getting a 503 Service Unavailable response and the following message in the logs:
sudo cat /var/log/cherokee/instytut21.error.log
realpath() of /home/instytut21/instytut21.pl/instytut21/uwsgi.ini failed:
[core/utils.c line 3574]
I've spent a good while trying to figure out what causes the problem. I've tried giving ownership to $USER:www-data and www-data:www-data with all kinds of file permissions ranging from 600 to 777.
I don't want to run the server as root for security reasons. How can I make the ini file accessible to cherokee?

I finally found a solution to a similar problem at "www-data permissions?". I slightly modified it and solved my problem by executing the following commands.
Own the whole directory by me and group www-data:
sudo chown -R $USER:www-data /home/instytut21/instytut21.pl/
Grant all permissions to the group:
sudo chmod -R g+rwx /home/instytut21/instytut21.pl/
Ensure all uploaded files get the same permissions:
sudo chmod -R g+s /home/instytut21/instytut21.pl/
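
A variant of the three commands above, as an added example that is not part of the original answer: it gives the group read/write on the whole tree but applies setgid and the search bit to directories only, then audits for world-writable entries and setgid files. The function names share_tree and audit_tree are assumptions introduced here.

```shell
#!/bin/sh
# Added example: shared-group web root without 777 and without setgid files.
# share_tree and audit_tree are hypothetical helper names, not from the page.

# share_tree DIR GROUP
# Give GROUP read/write on everything under DIR. Only directories receive the
# search bit and setgid, so new files inherit GROUP but are never setgid.
# The caller must own DIR and belong to GROUP (or be root).
share_tree() {
    dir=$1 group=$2
    chgrp -R "$group" "$dir" || return 1
    # Capital X adds execute only to directories and already-executable files.
    chmod -R u+rwX,g+rwX,o-w "$dir" || return 1
    # setgid on directories: files created inside inherit the directory's group.
    find "$dir" -type d -exec chmod g+s {} + || return 1
    # Clear setuid/setgid on regular files left by a blanket "chmod -R g+s".
    find "$dir" -type f -exec chmod u-s,g-s {} +
}

# audit_tree DIR
# Print entries that break the model and return 1 if any exist:
#   world-writable entries, setgid regular files, directories lacking setgid.
audit_tree() {
    bad=$(find "$1" \( -perm -0002 ! -type l \) \
                 -o \( -type f -perm -2000 \) \
                 -o \( -type d ! -perm -2000 \))
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```

For example, `share_tree /var/www/html apache` followed by `audit_tree /var/www/html` covers the ec2-user/apache case discussed earlier on this page.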

Permissions - Apache and Pure-FTPd - How to set?

I have a big doubt about how to set up Apache and Pure-FTPd. I don't know how to set folder permissions and secure users so they cannot access other folders outside their home directory.
My scenario:
Apache running defaults (group apache, user apache)
Pure-FTPd using Pure-DB (internal database, not Linux users) - installed using group "ftpusers" and user "ftpuser"
all sites in /sites
I did:
chown apache:apache /sites -R
To create a user on Pure-FTPd:
pure-pw useradd myuser -d /sites/onesite -u ftpuser -g ftpusers
pure-pw mkdb
This way I can connect to an FTP account but cannot transfer (permission denied) or delete files.
I can set all /sites to 777 but I know this is not correct. I want to know the correct way, so users can upload/delete files, Apache can read/write files in each website, and if a user uploads something to try to read outside the /sites directory he gets an error.
Please, help me to secure my webserver using Apache and Pure-DB, plus Linux permissions.
Thank you!
Roger

Not sure if this is correct: I've created the FTP user using "apache:apache"
pure-pw useradd myuser -d /sites/onesite -u apache -g apache
pure-pw mkdb
and set:
chmod 770 /sites -R
So everything runs on apache:apache.

Same issue here. I solved it by lowering /etc/pure-ftpd/conf/MinUID to my www-data UID number. Though I'd like to know if there is a better solution.
