i have 2 or more subfolders in my website. And i need to give read-only permission to all my sub-folder for protect from hacking.
Is there any way to do this?
chmod -R 777 where -R makes it recursive, so all underlying files of that folder will be set to the same permission, 777 in my example.
you need to do chown -R www-data:www-data your-directory-here
(here, www-data is the default apache username under debian 7)
and then chmod 711 your-directory-here.
But there's no way to set permissions using .htacces, it's all or nothing with .htaccess, but the web user is considered as apache, so www-data.
If you don't want users to acces to your directory on apache, simply edit /etc/apache2/sites-enabled/000-default and edit this:
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
like this:
<Directory />
Options -FollowSymLinks
AllowOverride None
Options -Indexes
</Directory>
Options -Indexes Disallows users to view your directory indexes
Options -FollowSymLinks Disallow apache to follow Symbolic links (don't edit this one if you need apache to follow some symbolic links).
btw, apache folders can't be edited from web client, you need a ssh access for that.
If you're using FileZilla or a similar FTP client you can right click on anything then use the UI to select permissions regarding every aspect of the file.
Related
I'm trying to set up apache on fedora 37. I'm specifically trying to make a symlink in var/www/html to a folder in my home folder:
[yatsuta#fedora html]$ pwd
> /var/www/html
[yatsuta#fedora html]$ file yatsuta
yatsuta: symbolic link to /home/yatsuta/Programming/webdev/html/
I've put test.html in the webdev/html folder, and made sure to give apache proper permissions via setfacl (following this answer on similar question).
However, when trying to access the file from web browser I get access forbidden error anyway, and I do not know what to do with this.
I havent edited my conf file at all so it's at its defaults, which are the following:
User apache
Group apache
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Testing the permissions confirms that they are set up properly (at least as far as I know):
[yatsuta#fedora /]$ sudo -u apache test -x /home/yatsuta/Programming/webdev/html/test.html; echo "$?"
0
(running with -r and -w also returns 0)
I am facing a peculiar problem with apache2 running on debian 8. I followed a couple of tutorials to install it and everything worked great. The problem is that i have partitioned the disk as 9gb for the system files, 1gb swap and 30gb for the home folder so I wanted to move the www folder from it's current location (/var/www) to home(/home/www).
I found more than a few guides on how to do that, some saying that i should change the lines in apache2.conf from this:
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
to this:
<Directory /home/paul/www/>
Options Indexes FollowSymLinks
AllowOverride All
Order deny,allow
Allow from all
</Directory>
As well as the documentRoot
Others suggested using the 000-default.conf file located in the /etc/apache2/sites-available folder and change the default folder from /var/www to /home/paul/www.
I did both and the folder was seen but not accessible, so i used the quick solution and use chroot 777. After that apache redirected me back to /var/www.
All settings point to /home/paul/www and the www folder has full read write permission. In fact neither the apache.conf nor 000-sites-available has any reference of /var/www so why does apache keep pointing me there? Is there something i missed?
p.s i did updates and upgrades multiple times as well as restarted the apache service and the entire pc.
you need to change the ownership of files to allow apache there
please try
chown -R www-data /home/paul/www/
however if you set a particion for your paul www why not mount the partition in /var/www
or you can create a symlink
ln -s /home/paul/www /var/www/paulsite
then edit your apache conf accordingly.
Regarding the edited file I recomend you use the 000-default better. in fact i would use that as a skeletone. and create a new file for your site then enable that site.
Ok so with a little research i realized that what i was trieing to do was not the best practice at all! (Thanx for the heads up Sudakatux).
I found the solution in askubuntu for anyone interested.
Instead of trieing to change the mechanics of apache i enabled the userdir module and set up public_html in my home folder with 755 permissions. I use a redirection script from the initial location to the various locations on my home directory. Works just fine!
I got my new VPS server with CentOS 5.8, I could not transfer my domain yet but I want to reach my site via http://my-server-ip and since I am using laravel framework I need to change default DocumentRoot httpdocs to httpdocs/public I have tried to put those lines to httpd.conf file:
<VirtualHost my-server-ip:80>
DocumentRoot /var/www/vhosts/my.domain.org/httpdocs/public
ServerName my.domain.org
</VirtualHost>
However after restarting apache it warns me like this:
Warning: DocumentRoot [/public] does not exist
What should I do?
You'll need to enable read (and possibly execute) privileges on the directory. As root try:
# Recursively set the owner of this folder to 'www'
chown -R www /var/www/vhosts/my.domain.org/httpdocs/public
# Recursively give the owner read and execute privileges
chmod -R u+rx /var/www/vhosts/my.domain.org/httpdocs/public
As an alternative on some setups the user might be called nobody. So if www doesn't work try:
chown -R nobody /var/www/vhosts/my.domain.org/httpdocs/public
EDIT:
As user tink pointed out in the comments
"...in Centos the user running apache is aptly called apache. In debian and it's derivatives, it's www-data."
might be that the apache user can't get into the new directory. try
chmod a+r /var/www/vhosts/my.domain.org/httpdocs/public
I had the same "403 page" problem. Just after I changed Document Root in my /etc/apache2/conf-available/sitename.conf from /var/www/html to /data/www.
To solve the problem I did the folowing:
1) Utilized chown and chmod examples, provided by Mike (2 posts above). Many thanks to him;
2) Added 2 lines to the end of /etc/apparmor.d/abstractions/web-data as follows:
/data/www/ r,
/data/www/** r,
and then run:
sudo service apparmor reload
3) I also needed to add the following bit of code to my apache.conf:
<Directory /data/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
May be some actions were superfluous, but It worked pretty nice for me (Apache v2.4.7, Ubuntu 14.04.1)
So i have SVN installed and using HTTPD for a remote repository. All works well, until i use the password file. This is not working at all. Apache's error_log says
(13) Permission Denied: Could not open password file
I have set the passwd file's chmod to 777 and chown to apache, I also set the parent folder of the repo and passwd file to chown apache and chmod 777...
I have no clue how this is a permissions problem anymore... any help please!!
UPDATE
I took SVN out of it, and just implemented a standard basic auth on one of my domains
<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot "/var/www/www.domain.com/public_www"
<Directory "/var/www/www.domain.com/public_www">
Options -Indexes
Order allow,deny
Allow from all
AllowOverride All
AuthType Basic
AuthName "Basic Authentication"
AuthUserFile /path/to/authfile.htpasswd
Require valid-user
</Directory>
</VirtualHost>
I created the password file like this
htpasswd -cm /path/to/authfile.htpasswd username
password (and retype)
And finally
service httpd restart
Lo and behold, the auth prompt works as before, but the username and password DOES NOT! This is rather frustrating, i have double checked all the permissions, owners etc of the password file and parent folder, but i still get
(13) Permission Denied: Could not open password file
In the error_log for Apache
If you're on a Red Hat Enterprise Linux/Centos/Fedora system and you create your htpasswd file outside of /var/www/html directory, owned by apache, you'll also have problems with SELinux context/lables of the htpasswd file. You can check the current context/label of htpasswd with the -Z option passed into the ls command.
ls -Z
The htpasswd file should have a type of httpd_sys_content_t. you can change this with this command:
chcon -t httpd_sys_content_t htpasswd
More info on Relabeling Files for SELinux:
https://wiki.centos.org/HowTos/SELinux#head-0f6390ddacfab39ee973ed8018a32212c2a02199
Maybe a bit of an obvious slap in my face:
I had previously been putting /path/to/authfile.htpasswd out side of apaches home folder /var/www, when I put the password file in /var/www/svn-auth/*.htpasswd than it worked.
Regardless of chown (apache owning /svn-auth and .htpasswd files within) it was probably being denied because it's likely that apache's (as a user) home folder is /var/www/* and was being denied access outside of it...
Lesson learned
I have a VPS for hosting sites and I'm trying to get Apache to follow symlinks but cannot figure it out. I've Googled for the past couple hours and everything seems really confusing. I don't know anything about htaccess mod_rewrite engine so that's not available.
Basically, I have a resources folder that's not in the root directory of one of the sites, it's inside another directory but I'd like a symlink in the root so that it appears to be both in the root directory AND in that other directory.
So the original is /sub/resources
and I want a symlink /resources to link to /sub/resources
Everything I try I get an Apache permission denied error. I'm creating the symlink with the root user using ln -s and setting permissions of the symlink to 755.
I've tried adding Options +FollowSymlinks to my root .htaccess file.
Also tried going to the httpd.conf file and ensuring it has
<Directory />
Options FollowSymLinks
AllowOverride Indexes
</Directory>
Very frustrating. Any suggestions?
Thanks,
Scott