My apache server needs to serve files located in a mounted directory in the root folder. However, when the process attempts to access a file in that directory I get...
PermissionError: [Errno 13] Permission denined 'path/to/file'
How can I give the apache server access to the files safely?
I am working on a CentOS machine.
First unmount the shared directory.
chmod 775 <path>
chgrp apache <path>
Remount.
Would be one relatively safe way.
(assumes your apache user primary group is apache).
Related
I have a file in public_html/private/log.txt
The file is writable and executable by everyone (777), but the folder is protected via .htaccess (deny all).
Are there any security reprecussions with this setup? Idea is that I can download the file via ftp and httpd process can write to it, but no one can access it via the browser.
I have installed apache2 server on Ubuntu 14.04. It is working well with the files and directories which i have created here after installation, but if i copy any file or folder from anywhere else (already written) then is gives Forbidden error message.
Thanks in advance.
For a file to be accessible by apache2, it should be owned by the user which runs the apache2 server. On most systems the user is www-data or httpd or apache. To find which user is that, just look into your apache2.conf or httpd.conf. Once you know the user, make it the owner of the copied files/folders or reiterate it for the whole /var/www//html folder.
sudo chown -R www-data:www-data /var/www/html
This should do it. But, if it doesn't, verify that the user has at least read and execute permissions on the folder (write also, if you need to write some data through your script).
I have a vps with godaddy with the following:
centos 6
latest apache
whm/cpanel
I am running with suphp enabled.
files and folders are all 755,644
i have a program located at:
/home/programname/public_html
this program edits files located on the same server in different user accounts. in order for this to happen i have to:
chown programname:programname /home/username/public_html
this allows the files to be edited by the program running at /home/programname/public_html
when i try to view the files at
/home/username/public_html
at its domain name
username.com
I get an "The server encountered an internal error or misconfiguration and was unable to complete your request."
in order to fix this i have to
chown username:username /home/username/public_html
how do i fix this so i can view the website files without having to chown the files?
You can use ACLs:
Enable ACLs on a filesystem:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-acls.html
Set ACLs on a filesystem:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/acls-setting.html
There is also an apache module that I haven't had much luck with:
apache2-mpm-itk - http://www.webtatic.com/packages/httpd-itk/
It has some issues because it doesn't support prefork properly.
I have a webserver that runs apache 2.2.14 in ubuntu with php 5.3.2-1ubuntu4.14. Php files in my webserver run as www-data. Any php script that creates a file or folder automatically creates it with owner/group "www-data:www-data" and sftp does not have permissions to even read the files/directories. I want sftp to have rw permission on every file in the web directory. How do I fix this?
I have clean CentOS 6. I just install via yum install httpd mysql-server, python, mysql-python.
First Step
$ trac-admin /home/tracprojects/main2 initenv
Project name: Main
SQL Connect string: mysql://trac#localhost:3306/trac (base exists, utf8, innoDB)
OK.
$ trac-admin /home/tracprojects/main2 deploy /var/www/html/
OK.
Second Step
Then I move cgi-bin/trac.wsgi to my /cgi-bin/ server's alias folder. (mod_wsgi working well. NOT as a daemon. tested on wsgi scripts).
Then I've grant permissions to Apache user for whole directories I've create earlier. And add access from apache config. (order-allow-deny).
But when I open my browser and go to url, I've got this error message:
Internal Server Error
TracError: IOError: [Errno 13] Permission denied: '/home/tracprojects/main2/VERSION'
What I do wrong?
Do you use SElinux (enabled by default)? With default SElinux I believe Apache can not access /home. You can check this by disabling SElinux temporarily ("setenforce 0" as root) and maybe restarting Apache. Also check /var/log/audit.log.
Check permissions of '/home/tracprojects' etc. Apache runs as special user and simply may not be able to read into directories, read files, or even write files.
You may be better off using mod_wsgi daemon mode and telling mod_wsgi to run the process as a different user who can access that location. Even if do this, the WSGI script file directory still at least needs to be readable to Apache user.