Simple question, but for some reason I couldn't find the exact answer on Google:
I have a fresh Ubuntu install on Slicehost, and would like to make a public directory in my home dir for a simple website containing a bunch of static HTML files. How do I do this? Is it just a matter of typing mkdir public_html and setting the permissions, or is there a cleaner way? (I remember in the past I've had issues where every time I copied a file into my public_html directory, I would have to manually set its permissions, which was quite frustrating.)
Assuming you've already installed apache, do the following:
sudo a2enmod userdir
sudo service apache2 reload
The first command enables the userdir apache mod, which does exactly what you want. The second reloads apache configurations so that it starts using the new configuration.
To install apache2:
sudo apt-get install apache2
Of course, you'll also need to make sure that the permissions on your public_html folder allow the www-data user to see the files in there -- 755 usually works well. To do this:
mkdir ~/public_html
chmod -R 755 ~/public_html
This will recursively (-R) go through your public_html and set the permissions to 755 (owner rwx, and both group and other r-x, r-x).
The other answers are on the right track with mod_userdir, but using that will give your website the base URL http://www.yourdomain.com/~username/ - for instance, a file /home/username/public_html/index.html would be accessible as http://www.yourdomain.com/~username/index.html. If you want your files to be accessible under the domain root, as http://www.yourdomain.com/index.html for example, then you'll need to put the directive
DocumentRoot /home/username/public_html
in the Apache configuration file.
You need to use mod_userdir for Apache, otherwise you need to set up symlinks from /var/www/ or wherever.
Your permissions issue is because Apache does not have read access to your files. You need to allow read access to www-data (or whatever the user is; distro-specific).
Related
I have created a simple app using AngularJS. When I tried to host that project in my website http://demo.gaurabdahal.com/recipefinder it shows the following error:
Forbidden
You don't have permission to access /recipefinder on this server.
Server unable to read htaccess file, denying access to be safe
But if I go to http://demo.gaurabdahal.com/ it displays "access denied" message as expected, that I have printed. But why is it unable to open that AngularJS projects "recipefinder". If I tried to put a simple HTML app there, it opens just fine.
The same AngularJS project works fine when I host that in github (http://gaurabdahal.github.io/recipefinder)
I can't understand what's wrong.
I had this problem too. My advice is look in your server error log file. For me, it was that the top directory for the project was not readable. The error log clearly stated this. A simple
sudo chmod 755 <site_top_folder>
fixed it for me.
Set group of your public directory to nobody.
This is a common problem with GoDaddy virtual server hosting when you bring up a new website.
Assuming you have SSH access to the server (you have to enable it on cPanel), login to your account. Upon successful login, you will be placed in the home directory for your account. The DocumentRoot for your website is located in a subdirectory named public_html. GoDaddy defaults the permissions for this directory to 750, but those permissions are inadequate to allow Apache to read the files for website. You need to change the permissions for this directory to 755 (chmod 755 public_html).
Copy the files for your website into the public_html directory (both scp and rsync work for copying files to a GoDaddy Linux server).
Next, make sure all of the files under public_html are world readable. To do this, use this command:
cd public_html
chmod -R o+r *
If you have other subdirectories (like css, js, and img), make sure they are world accessible by enabling both read and execute for world access:
chmod o+rx css
chmod o+rx img
chmod o+rx js
Last, you will need to have a .htaccess file in the public_html file. GoDaddy enforces a rule that prohibits the site for loading if you do not have a .htaccess file in your public_html directory. You can use vi to create this file ("vi .htaccess"). Enter the following lines in the file:
Order allow,deny
Allow from all
Require all granted
This config will work for both Apache 2.2 and Apache 2.4. Save the file (ZZ), and then make sure the file has permissions of 644:
chmod 644 .htaccess
Works like a charm.
You need to run these commands in /var/www/html/ or any other directory that your project is on:
sudo chgrp -R GROUP ./
sudo chown -R USER:GROUP ./
find ./ -type d -exec chmod 755 -R {} \;
find ./ -type f -exec chmod 644 {} \;
In my case (apache web server) I use www-data for USER and GROUP
Every public folder makes the permission to 755. Problem solved.
GoDaddy shared server solution
I had the same issue when trying to deploy separate Laravel project on a subdomain level.
File structure
- public_html (where the main web app resides)
[works fine]
- booking.mydomain.com (folder for separate Laravel project)
[showing error 403 forbidden]
Solution
go to cPanel of your GoDaddy account
open File Manager
browse to the folder that shows 403 forbidden error
in the File Manager, right-click on the folder (in my case booking.mydomain.com)
select Change Permissions
select following checkboxes
a) user - read, write, execute
b) group - read, execute
c) world - read, execute
Permission code must display as 755
Click change permissions
In linux,
find project_directory_name_here -type d -exec chmod 755 {} \;
find project_directory_name_here -type f -exec chmod 644 {} \;
It will replace all files and folder permission of project_directory_name_here and its inside stuff.
In my case apache was somehow configured wrong(?) so I had to set permissions to all parent dirs too. Just setting permission to .htaccess (and it's parent dir) didn't work.
Ok, I recently met the same issue too while working on a WordPress installation using apache2 on the server on Ubuntu 20.04.
I experienced this issue when I changed file ownership to another user:
Here's what worked for me:
$ sudo chown -R www-data:www-data /var/www/YOUR-DIRECTORY
Here's a bit more context into the issue:
The above command gives ownership of all the files [in that folder] to the www-data user and group. This is the user that the Apache web server runs as, and Apache will need to be able to read and write WordPress files in order to serve the website and perform automatic updates.
Be sure to point to your server’s relevant directory (replace YOUR-DIRECTORY with your actual folder).
You could run through this insightful article on digitalocean.
As for Apache running on Ubuntu, the solution was to check error log, which showed that the error was related with folder and file permission.
First, check Apache error log
nano /var/log/apache2/error.log
Then set folder permission to be executable
sudo chmod 755 /var/www/html/
Also set file permission to be readable
sudo chmod 644 /var/www/html/.htaccess
Just my solution. I had extracted a file, had some minor changes, and got the error above. Deleted everything, uploaded and extracted again, and normal business.
Important points in my experience:
every resource accessed by the server must be in an executable and readable directory, hence the xx5 in every chmod in other answers.
most of the time the webserver (apache in my case) is running neither as the user nor in the group that owns the directory, so again xx5 or chmod o+rx is necessary.
But the greater conclusion I reached is start from little to more.
For example, if
http://myserver.com/sites/all/resources/assets/css/bootstrap.css
yields a 403 error, see if http://myserver.com/ works, then sites, then sites/all, then sites/all/resources, and so on.
It will help if your server has directory indexes enable:
In Apache: Options +Indexes
This instruction might also be in the .htaccess of your webserver public_html folder.
I had same problem on Fedora, and found that problem was selinux.
to test that it is problem run command:
sudo setenforce 0
Otherwise or change in file /etc/sysconfig/selinux
SELINUX=enforcing
to
SELINUX=disabled
or add rules to selinux to allow http access
I had the same problem on a rackspeed server after changing the php version in the cpanel. Turned out it also changed the permissions of the folder... I set the permission of the folder to 755 with
chmod 755 folder_name
"Server unable to read htaccess file" means just that. Make sure that the permissions on your .htaccess file are world-readable.
I can't workout how to solve this problem so wordpress would let me upload themes.
I have a fresh copy of Fedora 17 installed on my dev machine.
I then installed mysql using: yum install mysql mysql-server. Next I installed WordPress which also installs apache and php: yum install wordpress
I can go to http://localhost/wordpress and see WordPress working. But when I try tried to install my theme it asked for ftp credentials. I then updated the wp-config.php file and set the FS_METHOD constant to direct. Now it doesn't ask for ftp credentials but it gives me this error:
Could not create directory. /usr/share/wordpress/wp-content/themes/my-theme-name/
httpd service is running under 'apache' user and 'apache' group. The /usr/share/wordpress/ directory is recursively own by 'apache' user and 'apache' group too. I've even set the permissions to 777 (also recursively) and even then I keep getting the same error as above.
How can I solve this problem?
Fedoras SELinux configuration is most probably blocking the attempts of the webserver to write to the disk. To change the settings for your wordpress folder you can run this command (as root):
chcon -R -t httpd_sys_content_rw_t /usr/share/wordpress/wp-content
No need to do chmod 777 to the whole folder, this is a huge security risk. Of course this is for direct filesystem access, you have to disable the ftp access. For ftp access you will have to look up the right SELinux context.
You got the check these lines in your Wp-config.php (aproximatively line 105) :
define('FTP_USER', 'usr');
define('FTP_PASS', 'P#ssw0rd');
define('FTP_HOST', 'url');
You process of web server is running on apache but Wordpress will use the account define in the wp-config.php . So you got to set the group of your user to get access to these files.
Setting permissions 777 is not a solution, you got to care about it.
I've got a LAMP webserver running my homepage (index.html in var/www/). I'd like to know in general how to set my file permissions so that browsers can't access anything besides the html/php files I want to show. Right now I've sort of accidentally chmodded everything to 777. I understand that .htaccess only protects the www folder and inwards... How can I set my permissions so that I have an svn folder that svn can still access but browsers can't?
In security you should follow the paradigm of "Least Privilege Access". It is best to do a chmod 500 -R /var/www chown www-data -R /var/www. This is assuming that your php code is running as www-data, you could run a <?php system('whoami')?> to verify your user account.
A chmod 500 gives the web root read and execute privileges. Write privileges is very dangerous as this is vital for defacing your site. The last number should always be zero, this is global privileges and you don't want any other account/process accessing your webroot.
I just learned to install Apache 2 on my ubuntu linux localhost for the first time. I'm making it work with PHP5.
I noticed that anytime I want to write to a file or directory, I have to chmod 777 the destination.
But from my experience working on 3rd party hosting solutions, I am generally allowed to write to files and dirs that have 755 permissions.
What can I do on my localhost so that I can write to files and dirs with 755 permissions? If the answer to this is very long, can someone send me a link to a step by step guide to do this?
Here are some simple rules for web site content management (under apache) that most people should follow:
All content should be chown'd & chgrp'd to the same user that apache is running as. On new ubuntu installs , the user and group are both "www-data".
If you want to administer the serving files under your own user group, then you should add youself to the www-data group, and make sure that users in this group have read/write access to all the serving files and directories. The caveat here is that you want to make sure not to create new files as your personal account. These should still be owned by www-data. The easiest way to accomplish this is to create the file as yourself, and then chown it to www-data:www-data.
If you do these 2 things, then you should be able to write to files that are being served by apache. I'm not sure where your document root is, but something like this would likely work for most simple installs:
$ sudo usermod $USER -a -G www-data
$ cd /var/www
$ sudo chown -R www-data:www-data .
You probably can't achieve this because the owner of the file is different than the user trying to perform an action on the file.
the permissions are:
owner-group-everyone
rwx-rwx-rwx
i.e. 111 = 7 which allows read/write and execute.
101 = 5 which is just read and execute
you can't write to the file because your logged in user isn't part of the owner/group that has access to the file.
the final 7 (i.e. rwx-rwx-111(7)) means that globally, everyone has read/write access to that file.
how to fix this
In Linux, you can use the chown or chgrp command to achieve your desired results.
First, you will want to find out as which user your PHP code is running. If you are using mod_php5 (package name libapache2-mod-php5) with Apache to run with the "worker" or the "prefork" MPM, this will probably be www-data.
This is no big problem as long as you only run one web application within the server. However, if you run multiple applications (or scripts that are owned by more than one user), you are setting yourself up for all kinds of security-related "fun".
I moved from a shared hosting to a VPS a few weeks ago and I'm having these annoying permission issues with WordPress. You know you can download and upgrade plugins (and wordpress itself) from the admin panel, but since I moved it started asking me my FTP credentials, which is kinda slow when I have to update ~20 plugins.
I think this should be some kind of rights issue. I looked that the shared hosting wordpress files, they all belong to the username and group kovshenin (kovshenin:kovshenin) and the files are -rw-r--r-- and the directories are drwx-r-xr-x.
On my VPS apache runs under apache:apache and my files are kovshenin:kovshenin. What should I do to make them readable and writable by both kovshenin and apache?
Also, I changed the permissions to 0777 for all files and folders of my wordpress installation, that allowed me to install and delete plugins without FTP, but when I pushed to automatic upgrade to WordPress 2.8.1 it still asked me for my FTP account. Is that a wp issue or did I miss something?
Thanks.
Update: I managed to run id and id www-data on the MediaTemple shared hosting. User kovshenin is in group kovshenin, and www-data is in group www-data. No more groups. What's the trick?
Another update Okay, I added the apache user to the kovshenin group, my wordpress files are kovshenin:kovshenin with rw-rw-r-- permissions and drwxrwxr-x permissions on directories, but something is still wrong. The user apache can access the files and folders, I can use the online Themes and Plugins editor in the wordpress admin panel, I'm able to make changes to the .htaccess file from within wordpress, but plugin/theme installation still asks me for FTP credentials!
Any ideas? Thanks.
What should I do to make them readable and writable by both kovshenin and apache?
Create a new group, say "wordpress".
Add both koveshenin and www-data users to the wordpress group.
Change the group owner of all the files to wordpress (using chgrp).
Make sure all the files are group writeable.
Set the g+s (setgid) permission bit on all the directories of interest.
Make sure kovshenin and apache's default umask includes group read & write permission.
The second last step is the trick. It means that whenever kovshenin or apache creates a file in those directories, the group owner will be set to wordpress (instead of kovshenin or apache).
You can give ownership to www-data according to here.
Run the following command in your WordPress directory (sudo required):
sudo chown -Rf www-data *
Works for Apache.
Assuming your wordpress install directory is /var/www/html to mass change all the files and directories to the proper permission use:
sudo find /var/www/html/ -type d -exec chmod 775 {} \;
sudo find /var/www/html/ -type f -exec chmod 664 {} \;
To mass change the owner group of everything use:
sudo chgrp -R <desired_username>.<desired_groupname> /var/www/html
I had the same problem and I solved it turning off PHP 'safe_mode' in plesk, now WP can create folders and move files without any problems.
I hope this help you.
Currently, adding define('FS_METHOD', 'direct'); to wp-config.php might do the trick. Not sure that would have worked in '09 though. See here for my similar case using nginx. I found that it was an essential step.