How to set permissions on Ubuntu server to allow Apache user and second user to write to web directory? - linux

I'm trying to set up a basic Ubuntu 14.04 web server but am having trouble setting file ownership correctly. I want the Apache user (www-data) to have ownership of the web directory (/var/www) and my user to have membership in the apache group. I want both my user and Apache to have the ability to read and write to the /var/www directory.
This is the permission and ownership for the directory I want to share:
drwxrwxr-x 3 www-data www-data 4096 Aug 23 13:39
I've added myself to the www-data group and recursively set permissions on the web directory to 775. Apache is able to read and write, but my user, when attempting to add a file over SFTP, is getting "permission denied" messages.
What am I doing wrong, and should I have ownership set up differently?

Hi, two things to check:
Is your user a member of /etc/group:www-data?
In /etc/sshd_config, does the user have authorization by pam or AllowGroups+AllowUsers?
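
The group-membership check from the reply above, combined with a check of the directory's own group and mode, as a shell diagnostic. This is an added example, not part of the original thread; the function names and result words are hypothetical, and it assumes GNU `stat`. A group added after login is not carried by processes that were already running, which is what the `relogin-needed` result reports.

```shell
#!/bin/sh
# Added example (not from the thread): why can't USER write to a
# group-writable web directory? Function names are hypothetical.

# in_group_db GROUP USER [GROUP_FILE]
# True if USER is listed as a supplementary member of GROUP in an
# /etc/group-format file (primary groups live in /etc/passwd instead).
in_group_db() {
    awk -F: -v g="$1" -v u="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "${3:-/etc/group}"
}

# diagnose USER GROUP DIR [GROUP_FILE] [SESSION_GROUPS]
# Prints one result word. SESSION_GROUPS defaults to the groups of the
# current process (id -Gn), which can lag behind /etc/group until re-login.
diagnose() {
    user=$1 group=$2 dir=$3 gfile=${4:-/etc/group}
    session=${5-$(id -Gn)}

    dir_group=$(stat -c '%G' "$dir" 2>/dev/null) || { echo "no-such-dir"; return; }
    gperm=$(stat -c '%A' "$dir" | cut -c5-7)     # e.g. "rwx" from drwxrwxr-x

    [ "$dir_group" = "$group" ] || { echo "dir-group-mismatch"; return; }
    case $gperm in
        rw[xs]) ;;                               # "s" = setgid plus execute
        *) echo "dir-lacks-group-rwx"; return ;;
    esac
    in_group_db "$group" "$user" "$gfile" || { echo "not-in-group"; return; }
    case " $session " in
        *" $group "*) echo "ok" ;;
        *) echo "relogin-needed" ;;
    esac
}

# Run as: sh check.sh alice www-data /var/www
if [ "$#" -eq 3 ]; then diagnose "$@"; fi
```

The session check describes the shell the script runs in, so run it from the same kind of login that is failing.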

Related

Force Apache to create files so they are owned by app user instead of Apache

I have multiple PHP applications hosted in Apache on Redhat 8.
Some of the libraries used in these web apps generate files owned by Apache.
-rw-rw-r--+ 1 apache apache 35 Dec 16 12:54 cf8d2#setClass.cache.php
-rw-rw-r--+ 1 apache apache 35 Dec 16 12:54 c8dds#setSchemeId.cache.php
I have a deployment process which deletes a release before deploying the new release. Since these files are owned by Apache, the deployment fails as the webadmin user cannot remove these files.
The app files themselves are owned by a user/group called webadmin.
-rw-rw-rw- 1 webadmin webadmin 2848 Dec 16 12:59 index.php
Is there a way to force Apache to create files owned by webadmin?
You can add the webadmin user to the group of apache. Then you should have enough permissions. Otherwise you could use ACLs and give the user permissions for that directory.
ACLs on Redhat 8
Here is a manual on how to use the ACLs. I think that is the easiest way. Otherwise you have to run the deployment with higher privileges.
Or you give the user sudo rights to the folder like this.
Sudo rights in a particular directory
So there are some ways to solve the problem.

Ubuntu / NGINX - Can't change ownership or permissions of certain directories and files

I have some folders on an Ubuntu server running Nginx with the following permissions & groups:
drwxr-xr-x 3 www-data www-data some_folder
I am trying to delete these within a deployment script, as a user called deploy. This user is in the www-data group.
I know that to delete these folders, I need group write permissions (which I currently don't have), however the deploy user doesn't have the permissions to set this. I've tried chmod 775 some_folder and also setting the deploy user as the owner with chown deploy some_folder, but I always get this error:
chown: changing ownership/permissions of 'some_folder/': Operation not permitted
How can I delete these folders without using sudo?
Thanks in advance for any help

Giving folder permission as apache owner

I have set up the AWS Linux instance and deployed a web project, and for that project I need folder permission only for the apache user. I have root user access for SSH.
How can I do this which will show apache as an owner of the web project?
Apache creates www-data as the user and group.
Example: If the Server web root is /var/www.
sudo chown -R www-data:www-data /var/www
Hope it helps ;-)

Is it possible to allow a user to access a dir without making him the owner?

For my desktop machine, I'd like to be able to access files in my home directory in a browser.
I have set the Apache DocumentRoot to my home, but, logically, I get a forbidden page. I tried to add the www-data user to my group, with the same result.
I would prefer not to give full access to any user in my home.
So how should I proceed to let apache read my home dir?
$ ls -la /home | grep gael
drwxr-xr-x 44 gael gael 4096 mars 17 22:30 gael
$ groups www-data;
www-data : www-data gael
The error log:
[Tue Mar 17 22:43:06.592819 2015] [authz_core:error][pid 4572] [client 127.0.0.1:59677]
AH01630: client denied by server configuration: /home/gael/
apache conf:
<VirtualHost *:80>
DocumentRoot /home/gael/
</VirtualHost>
Make sure that the user running the webserver has full read permissions to all files they need to see. They will also require execute permissions for any directory they need to traverse into.
So it seems that you have added the www-data user to your own group, which should fulfill the above.
Be aware that a new group membership does not take effect immediately: interactive users need to log in again, a daemon needs to be restarted (thus: restart Apache). The w32 way (just reboot) will also work.
BTW, exposing your home via a webserver seems like a bad idea: anybody who can access the webserver (usually anybody on the same net) will be able to see your home directory. Make sure that you add extra security (password protection, encryption, ...).
BTW, did you know that the ~/public_html directory is traditionally exported by your web-browser as ~<user> (so if your login name is "gael" you can access this directory via http://localhost/~gael/)? If the directory does not exist, just create it and make sure that you set its group to www-data. This is a much more secure way to share some data via the web.

Protect htdocs directory

I have a web application written in PHP, working with Apache on a Linux server. The problem is that this server can be accessed by many users. What I want to do is restrict the htdocs folders without breaking the permissions that Apache needs in order to display the web application.
My idea is something like this:
User Administrator (is in the sudo group, and in the administrator group) has access to htdocs.
User Deb (is in the sudo group, and in the standard group) does not have access to htdocs.
By access I mean copying and modifying the PHP files.
In most Linux distributions Apache is run under a specific user, for example apache under Red Hat and www-data under Debian and Ubuntu. The root user and every user in the sudo group have access to all files on the file system. Combining these gives you your solution: change the owner of the htdocs directory to the user under which the server is run and change the rights on the htdocs directory to 0700. So:
$ cd /[path to parent dir of htdocs]/
$ chown <apache user>:<apache group> htdocs
$ chmod 0700 htdocs
This way only the apache server user, root and users in the sudo group have access to the htdocs directory.
You can set the htdocs folders to be readable only by group www-data and add users who are allowed to make changes there to the www-data group.
drwxrwx--- www-data www-data vhosts/
