I cannot set the web projects permissions correctly on webserver Ubuntu 20.04, Nginx, Apache. It is my first web hosting administration, so forgive me if I do not use the terms correctly.
I have a sudo user 'foo'. I manage the server through it.
I use another, not sudo user 'boo' for managing the web projects (nodjs, apache, ....)
The web projects are located at: /home/boo/apps/blog, /home/boo/apps/forum, ...
I tried different tutorials on setting sudo chown -R www-data:www-data blog and readjusting the individual projects, but it doesn't look good to me.
On my old hosting, the web projects are owned by 'boo'
drwxr-xr-x 7 boo boo 4096 Sep 16 05:59 blog
Is it mean that the apache server is set to work with 'boo'? How to set it to work like that. It is the best case according to me because 'boo' can edit the projects without sudo.
I tried to set it in /etc/apache2/envvars without success.
export APACHE_RUN_USER=boo
export APACHE_RUN_GROUP=boo
I tried to add 'boo' to the 'www-data' group: sudo usermod -a -G www-data boo. Is it correct?
We can set individual group / user for each virtual host with teh help of The Apache 2 ITK MPM http://mpm-itk.sesse.net/
<VirtualHost 127.0.0.1:666>
ServerName example.com
<IfModule mpm_itk_module>
AssignUserId boo boo
</IfModule>
</VirtualHost>
Related
I am trying to get Apache to run on my yosemite machine, but when i try to access localhost i get http://i.stack.imgur.com/ZzZzB.png.
I ran an apache configtest and got the following
Angus-Mac:mysql root# apachectl configtest
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using Angus-Mac.local. Set the 'ServerName' directive globally to suppress this message
Syntax OK
What am i getting wrong? any ideas?
Uncommenting the ServerName and changing it to the domain name solved the issue.
change the group permissions on that folder to _www
sudo chgrp -R _www /Library/WebServer/Documents (all web content is now group _www)
chmod -R go-rwx /Library/WebServer/Documents (nobody other than owner can access web content)
chmod -R g+rx /Library/WebServer/Documents (all web content is now readable/executable/enterable by _www)
then restart apache
It seems your user in httpd.conf is different that the one on the web directory
I found the solution here
Please uncomment the ServerName in line 212 (httpd.conf) and change the domain www.example.com to your domain.
Restart apache
i got a problem after i finish to set up LAMP and installed my laravel 4 application. Everything seem went well, when i go on my ip address url, it show me the first page of my application correctly, but all the rest of the page throw me an 404 error The requested URL was not found on this server.
So I added to my httpd.conf (under the virtual host of my project) -
AllowOverride All
Order allow,deny
<VirtualHost *:80>
ServerName VPS-IP-ADDRESS
DocumentRoot /var/www/html/nextmatch/public_html/public/
<Directory /var/www/html/nextmatch/public_html/public/>
AllowOverride all
Order allow,deny
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
</Directory>
</VirtualHost>
And now when i try to navigate instead the 404 error i got Forbidden
You don't have permission to access this server.
I set up with chmod 775 -R path/laravel/ and the folder storage with 777 but still i got the same error any suggest please? I cannot figure out to this problem i'm getting crazy! Thank you for any help.
The webserver starts as a daemon (service) under a particular user. That user is defined in httpd.conf. By default that user will be apache. Don't confuse the apache user with the httpd process. The latter is a webserver daemon and the former is the user under which it is going to run. If the folder you created belongs to root or a user other than the one defined in httpd.conf then apache won't be able to access it. The way to identify this problem is to go to the folder and do ls -l. If the user define in httpd.conf is apache then in order for it to access the folder, you should see:
drwxr-xr-x. 2 apache apache 4096 Jan 8 2013 public_folder
Note, it says 'apache apache', meaning it belongs to the apache user and group. If you created it via root then you will probably see:
drwxr-xr-x. 2 root root 4096 Jan 8 2013 public_folder
The apache user cannot access the folder defined by root. To solve this problem run the command:
chown -R apache:apache myfolder
The -R option is recursive, so it will update ownership for ALL folders and files within that folder to the apache user.
If your ownership if fine, then trying 'temporarily' turning off selinux. On centos you do:
setenforce 0
Which will turn off selinux till the next restart. Ideally, you will want to leave selinux on for additional security and set a valid context for your apache files and folders.
If turning off selinux does work, then you probably have the wrong security context for your files and folders. run the following command to restore your security contexts:
restorecon -R -v /var/www/
If you're using CentOS it could be an issue with selinux. Check to see if selinux is enabled with 'sestatus'. If it is enabled, you can check to see if that is the issue (temporarily) using 'sudo setenforce 0'. If apache can serve the site, then you just need to change the context of the files recursively using 'sudo chcon -R -t httpd_sys_content_t' (you can check the existing context using 'ls -Z'.
Selinux may not be the issue, but it's worth checking on.
try this inside the folder:
chcon -R -t httpd_sys_content_t *
chcon -R -t httpd_sys_content_t *
did the trick for me.
from php5.conf in /etc/apache2/mods-available
# Running PHP scripts in user directories is disabled by default
#
# To re-enable PHP in user directories comment the following lines
# (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
# prevents .htaccess files from disabling it.
#<IfModule mod_userdir.c>
# <Directory /home/*/public_html>
# php_admin_value engine Off
# </Directory>
#</IfModule>
I've hit a problem on Centos 6.5:
[Mon Dec 28 12:10:52 2012] [a] [client 127.0.0.1] (13) Permission denied: /srv/www/website/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
Basically, I was building a brand new server and trying to migrate all of my websites over into /srv/www folder instead of /var/www as it appears to be the future standard (there is a whole discussion about it so just google).
What I did:
1) added a new group (groupadd developers)
2) added users a (gid 501), root, apache, nobody to the above group
(usermod -G develoeprs a && usermod -G develoeprs apache && usermod -G develoeprs root && usermod -G develoeprs nobody)
3) copied all folders & files into /srv/www
4) changed ownership of entire /srv/www to apache:developers (chown -R apache:developers /srv/www)
5) changed mode so /srv/www is group readable/writable/searchable (chmod -R 2775 /srv/www)
6) added 'umask 002' to the end of /etc/sysconfig/httpd so it runs in group writable mode
7) added virtual host(s) and to /etc/httpd/conf.d/vhosts.conf (service httpd configtest throws OK)
NameVirtualHost *:80
NameVirtualHost *:443
SSLStrictSNIVHostCheck off
<VirtualHost *:443>
ServerAdmin webmaster#domain.ext
DocumentRoot /srv/www/test
ServerName test.domain.com
ServerAlias test.domain
SSLEngine on
SSLCertificateFile /etc/httpd/certs/domain.com/server.crt
SSLCertificateKeyFile /etc/httpd/certs/domain.com/server.key
<Directory /srv/www/test>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
8) restarted the server
9) started httpd manually because it asks for SSL certificate password otherwise autostart fails (need to look into how to start it automatically after rebooting)
I am still getting the same above error message.
Then, I tried changing the home folder in /etc/passwd for apache user to /srv/www (server restart) but still no joy i.e. Permission denied. I even renamed the old /var/www folder and created a symlink in /var/www to /srv/www. Another attempt was to chown back to root:root, apache:apache and :developers group for both.
/srv/www/ [NOT WORKING]
drwxr-xr-x. 2 root root (cgi-bin, error, html,icons)
drwxrwsr-x. 5 apache developers (all other website folders)
-rwxrwsr-x. 1 apache developers (all files)
/srv/
drwxrwsr-x. 4 apache developers www
/var/www [WORKING]
drwxr-xr-x. 2 root root (cgi-bin, error, html,icons)
drwxrwxr-x. 3 apache developers (all other website folders)
-rwxrwxr-x. 1 apache developers (all website files)
Then, as soon as I copy my one of my website's folder into /var/www and point paths in /etc/httpd/conf.d/vhosts.conf it starts to work fine!
DOES ANYONE KNOW WHY IT'S NOT WORKING IN /SRV/WWW folder??
I finally got to the bottom of the problem. It's caused by SELinux policies overriding basic traditional discretionary access control (DAC) methods such as file permissions or access control lists (ACLs) normally used to control the file access of users!
$ sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
$ setenforce
usage: setenforce [ Enforcing | Permissive | 1 | 0 ]
$ setenforce Permissive
$ sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
More info on SELinux at Centos. As soon as I switched to Permissive mode my /srv/ started working.
If you know what and why you are doing this then you can permanently disable SELinux in /etc/selinux/config by changing the following line:
SELINUX=enforcing
to
SELINUX=disabled
Restart your server and you should have it disabled permanently.
Note: When switching from Disabled to either Permissive or Enforcing
mode, it is highly recommended that the system be rebooted and the
filesystem relabeled.
Are you sure that the user "apache" can cross the folder "/src" ?
What's the owner and the permission of the folder "/src" ?
I have a site that the root points to /var/www
I have set up two folders under /var/www
/var/www/old
/var/www/new
for the old folder, I have used the following to deny any access:
touch /var/www/old/.htaccess && echo deny from all >> /var/www/old/.htaccess
I now want the server to point the root to /var/www/new so that when people visit http://example.com the content in /var/www/new will serve, what should I do?
In Ubuntu the Apache configuration is located at /etc/apache2. There should be two folders, sites-available and sites-enabled. Inside sites-enabled are symlinks to config files in sites-available.
You simply have to change the document root in your activated configuration. Thats probably /etc/apache2/sites-enabled/000-default
Have a look for DocumentRoot and change it to /var/www/new, then reload your apache.
depends a LOT on how your apache server is configured.
I don't have an Ubuntu machine around, but what you're looking for is the DocumentRoot directive. On RedHat based machines it's normally in /etc/httpd/conf/httpd.conf but if memory serves Debian based systems use apache instead of httpd.
If that doesn't work be sure to check in /etc/httpd/conf.d since the files there are loaded dynamically.
Hope this helps :)
I have multiple websites setup on my Apache2 server. The directory structure is as follows:
/var/www/
/var/www/site1.com
/var/www/site2.com
It is setup such that "www.site1.com" has root folder /var/www/site1, "www.site2.com" has root folder /var/www/site2, and http://server_ip_address has root folder /var/www
However, if I type http://server_ip_address/site1.com, it opens site1.com. I don't want this to happen. (That is, individual sites should be accessible only by typing the correct address).
What is the way to configure this. (Also it would be helpful if you could give tips on best practices for directory structures for multiple websites)?
thanks
JP
The VirtualHost directive can be used to set individual DocumentRoots for each site name.
Have also a look at this document:
http://httpd.apache.org/docs/2.2/vhosts/name-based.html
Configure multiple websites on Ubuntu
Create apache configuration file:
sudo nano /etc/apache2/sites-available/site1.com
Minimal configuration for the virtual host:
<VirtualHost *:80>
DocumentRoot /var/www/site1.com
ServerName www.site1.com
# Other directives here
</VirtualHost>
Create the root folder:
sudo mkdir /var/www/site1.com
Change the permissions of the folder:
sudo chmod -R 775 /var/www/site1.com/
Create a new record in /etc/hosts
sudo nano /etc/hosts
Add the following line:
127.0.0.1 www.site1.com
Create a correct symlinks in sites-enabled:
sudo a2ensite site1.com
Restart the apache:
sudo /etc/init.d/apache2 restart
You have to do the same with the site2.com, site3.com etc...