What does a2ensite do apart from creating a symlink? - apache

I regularly use a2ensite and a2dissite to enable and disable sites in Apache. As far as I know it does little more than simply creating a symlink from /etc/apache2/sites-enabled to /etc/apache2/sites-available. I can also do it manually, but because it saves me typing a few characters I use these shortcuts.
I just did a cat /usr/sbin/a2ensite, and to my surprise it's quite an elaborate program. According to the man pages, it does little more than enabling sites though. I briefly looked over the (Perl) source code, but even though it's a lot of code I don't really understand what it does more than simply creating a symlink.
Why does it need so much code to simply create a symlink? What am I missing here?

Actually
a2enconf
a2disconf
a2dismod
a2ensite
a2dissite
are all only symlinks to a2enmod:
$ /usr/sbin$ ll -d a2*
lrwxrwxrwx 1 root root 7 Jul 15 17:33 a2disconf -> a2enmod
lrwxrwxrwx 1 root root 7 Jul 15 17:33 a2dismod -> a2enmod
lrwxrwxrwx 1 root root 7 Jul 15 17:33 a2dissite -> a2enmod
lrwxrwxrwx 1 root root 7 Jul 15 17:33 a2enconf -> a2enmod
-rwxr-xr-x 1 root root 15424 Apr 5 2016 a2enmod
lrwxrwxrwx 1 root root 7 Jul 15 17:33 a2ensite -> a2enmod
-rwxr-xr-x 1 root root 9870 Jul 15 17:33 a2query
and a2enmod implements the functionality of all six of them in one script.
It decides what to do depending on $0 (i.e. the name the script was called with).
That's probably the reason why it's more complicated than a simple ln -s.

Related

Proper permissions for website directories and to enable rsync deployment

I'm setting up a new website on a new Ubuntu droplet at Digital Ocean. I set this up previously on a different droplet and rsynced the website contents to it. I followed directions I found on the web, but didn't keep detailed-enough notes. I'm just trying to replicate this on the new Droplet. But I've messed up somehow. My knowledge of permissions, etc. is rudimentary :-(
My server has: /var/www/html
This is what I did:
• sudo usermod -a -G www-data [myusername]
• sudo chown -R www-data:www-data /var/www
• sudo chmod -R g+rw /var/www
• sudo chmod -R g+rws /var/www
I then created “/var/www/howardmann.us/public_html” for my website.
(I didn't put the public_html directory in var/www/html. I didn't on my other Droplet. Perhaps I should.)
sudo ls -la /var/www
total 16
drwxrwsr-x 4 www-data www-data 4096 Feb 25 15:43 .
drwxr-xr-x 14 root root 4096 Feb 24 14:27 ..
drwxr-sr-x 3 root www-data 4096 Feb 25 15:43 howardmann.us
drwxrwsr-x 2 www-data www-data 4096 Feb 25 15:42 html
sudo ls -la /var/www/howardmann.us/public_html
total 8
drwxr-sr-x 2 root www-data 4096 Feb 25 15:43 .
drwxr-sr-x 3 root www-data 4096 Feb 25 15:43 ..
Now, excerpts of rsync script (successful to my other Droplet) result from my laptop now:
1.
howardm$ ./deploy.sh
sending incremental file list
rsync: failed to set times on "/var/www/howardmann.us/public_html/.": Operation not permitted (1)
rsync: recv_generator: mkdir "/var/www/howardmann.us/public_html/css" failed: Permission denied (13)
* Skipping any contents from this failed directory *
3.
rsync: mkstemp "/var/www/howardmann.us/public_html/.DS_Store.8zaaQg" failed: Permission denied (13)
Question: How do I fix ownership and permissions on the server directories for 1) proper permissions for a website and 2) permit a rsync deploy?
For comparison, here is the status of my current working web site on the other Droplet:
howardm#howardmann:~$ ls -la /var/www/
total 20
drwxrwxr-x 5 howardm www-data 4096 Mar 5 2016 .
drwxr-xr-x 13 root root 4096 Mar 28 2015 ..
drwxrwxr-x 4 howardm www-data 4096 Jun 8 2016 howardmann.us
drwxrwxr-x 2 howardm www-data 4096 Mar 29 2015 html
Thanks!
Howard
Well, I fixed this after reading some more about permissions for a website.
My website folder is titled howardmann.us, which contains a public_html folder with the website contents.
So: /var/www/howardmann.us/public_html. (/var/www also contains a html directory)
I achieved the relevant ownership/permissions with:
sudo chown -R howardm:www-data /var/www/
I'm the owner, and www-data the group.
sudo usermod -a -G www-data [myusersername]
I'm a member of the www-data group
sudo chmod -R 2775 /var/www/
This yields the proper permissions, I believe for a web site.
I made sure the same owner:group applied to all these directories:
ls -l /var/www
total 8
drwxr-sr-x 3 howardm www-data 4096 Feb 26 19:23 howardmann.us
drwxrwsr-x 2 howardm www-data 4096 Feb 25 15:42 html
ls -l /var/www/howardmann.us
total 4
drwxr-xr-x 11 howardm www-data 4096 Feb 5 2017 public_html
Now rsync works without errors.
If anyone believes these ownership/permissions for a website are (substantially) improper, please comment.
Howard

Permission issues with Apache inside Docker

I'm using Docker to run an Apache instance. My docker file goes something like this:
FROM ubuntu
MAINTAINER your.face#gmail.com
RUN cat /etc/passwd
RUN cat /etc/group
RUN apt-get update && apt-get install -yq apache2 php5 libapache2-mod-php5 php5-mysql
RUN apt-get install -yq openssh-server
RUN mkdir /var/run/sshd
ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2
EXPOSE 80
ADD config/apache2/000-default.conf /etc/apache2/sites-available/000-default.conf
ADD config/php5/php.ini /etc/php5/apache2/php.ini
ADD config/start.sh /tmp/start.sh
ADD src /var/www
RUN chown -R root:www-data /var/www
RUN chmod u+rwx,g+rx,o+rx /var/www
RUN find /var/www -type d -exec chmod u+rwx,g+rx,o+rx {} +
RUN find /var/www -type f -exec chmod u+rw,g+rw,o+r {} +
#essentially: CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]
CMD ["/tmp/start.sh"]
However, when I build the container and run it, I only ever get 403 errors.
Notice that I've specified that Apache should run as www-data in www-data group, and that /var/www has been recursively chownd to belong to root:www-data.
Also, all directories are searchable and readable, and all files are readable and writeable by the www-data group (well, according to ls -la and namei -m they are anyways).
How do I fix these permissions issues? I cant figure it out.
Actual error from the Apache error.log:
[Fri May 23 18:33:27.663087 2014] [core:error] [pid 14] (13)Permission denied: [client 11.11.11.11:61689] AH00035: access to /index.php denied (filesystem path '/var/www/index.php') because search permissions are missing on a component of the path
EDIT:
output of ls -laR /var/www at the end of the Dockerfile:
Step 21 : RUN ls -laR /var/www
---> Running in 74fd3609dfc8
/var/www:
total 1036
drwxr-xr-x 67 root www-data 4096 May 23 18:38 .
drwxr-xr-x 26 root root 4096 May 23 18:38 ..
-rw-rw-r-- 1 root www-data 28 May 23 12:22 .gitignore
-rw-rw-r-- 1 root www-data 501 May 23 12:22 .htaccess
-rw-rw-r-- 1 root www-data 7566 May 23 12:22 index.php
Output of namei -m /var/www/index.php at the end of the Dockerfile:
Step 22 : RUN namei -m /var/www/index.php
---> Running in 1203f0353090
f: /var/www/index.php
drwxr-xr-x /
drwxr-xr-x var
drwxr-xr-x www
-rw-rw-r-- index.php
EDIT2
After trying a whole bunch of things, including chmod -R 777 just to see if I could get anything to work, I tried putting the source files added from the Dockerfile into /var/www/html, the default location for Apache files to be served.
I matched the default file permissions exactly (I think), and it still isn't working. The default index.html that comes with Apache loads just fine, but the added src folder still have a 403 access denied error.
I changed the Dockerfile to ADD src /var/www/html/src and the permissions were set using:
RUN find /var/www/html -type d -exec chmod u+rwx,g+rx,o+rx {} +
RUN find /var/www/html -type f -exec chmod u+rw,g+r,o+r {} +
No luck. Below is some of the output of ls -laR on /var/www. Notice that the permissions for the html folder and index.html that come with an apache2 install match those of the added src folder:
Step 19 : RUN ls -laR /var/www/
---> Running in 0520950d0426
/var/www/:
total 12
drwxr-xr-x 6 root root 4096 May 23 19:23 .
drwxr-xr-x 24 root root 4096 May 23 19:23 ..
drwxr-xr-x 5 root root 4096 May 23 19:23 html
/var/www/html:
total 24
drwxr-xr-x 5 root root 4096 May 23 19:23 .
drwxr-xr-x 6 root root 4096 May 23 19:23 ..
-rw-r--r-- 1 root root 11510 May 23 18:28 index.html
drwxr-xr-x 47 root root 4096 May 23 19:23 src
/var/www/html/src:
total 1032
drwxr-xr-x 47 root root 4096 May 23 19:23 .
drwxr-xr-x 5 root root 4096 May 23 19:23 ..
-rw-r--r-- 1 root root 28 May 23 12:22 .gitignore
-rw-r--r-- 1 root root 501 May 23 12:22 .htaccess
-rw-r--r-- 1 root root 7566 May 23 12:22 index.php
Perhaps chmod doesn't work quite the way I thought it does??
EDIT3
A final bit of information. The Docker container is being built by buildbot, which I've been assuming runs as root. I haven't been able to reproduce this scenario without using buildbot to do the building.
Building everything via sudo docker build -t apache . type commands on my laptop works fine, but the problems arise when buildbot does it. No idea why :^/
I just ran into this after posting a similar question at Running app inside Docker as non-root user.
My guess is you can't chmod/ chown files that were added via the ADD command. – thom_nic Jun 19 at 14:14
Actually you can. You just need to issue a a RUN command after the ADD for the file location that will be INSIDE your container. For example
ADD extras/dockerstart.sh /usr/local/servicemix/bin/
RUN chmod 755 /usr/local/bin/dockerstart.sh
Hope that helps. It worked for me.
I encountered a similar issue; however my container was using VOLUME to map directories across the container.
Changing the permissions on the directory that maps to /var/www/html itself remedied the 403 Forbidden errors.
docker-host$ ls -ld /var/www/html
drwxr--r-- 53 me staff 1802 Mar 8 22:33 .
docker-host$ chmod a+x /var/www/html
docker-host$ ls -ld /var/www/html
drwxr-xr-x 53 me staff 1802 Mar 8 22:33 .
Note that chmod must be applied on the Docker host, not within the container. Executing it within the container effects no change to the directory.
docker-container$ chmod a+x /var/www/html
docker-container$ ls -ld /var/www/html
drwxr--r-- 53 me staff 1802 Mar 8 22:33 .

can you help me out touchy wordpress debian install?

I have installed WordPress 3.6.1 on Debian 6.0.8 (alongside with other websites) by following this tutorial https://wiki.debian.org/WordPress.
I keep strugling with wordpress asking for ftp Connection Information for theme or plugin updates.
Could you please help me setting the rights correctly ?
Looking forward to read from you
What I can to do
install/delete plugin
install/delete themes
What I can't do
display theme nicely unless I manually create the symbolic link to the files.
Posts I have read :
Can I install/update WordPress plugins without providing FTP access?
How do I know which linux user Wordpress uses for plugin installation
WordPress can't install themes
A general linux file permissions question: Apache and WordPress
apache and sftp permissions for wordpress automatic update in ubuntu
What I have tried
Set FS_METHOD to direct
in /etc/wordpress/config-mydomain.fr.php
define('FS_METHOD', 'direct');
Re assigh permissions :
admin#server01:/usr/share/wordpress$ find -type d -exec sudo chmod 755 {} \;
admin#server01:/usr/share/wordpress$ find -type f -exec sudo chmod 644 {} \;
admin#server01:/usr/share/wordpress$ ls -l
total 144
-rw-r--r-- 1 root root 395 8 janv. 2012 index.php
-rw-r--r-- 1 root root 7155 14 sept. 2013 readme.html
-rw-r--r-- 1 root root 4616 21 janv. 2013 wp-activate.php
drwxr-xr-x 9 root root 4096 19 mars 13:00 wp-admin
-rw-r--r-- 1 root root 271 8 janv. 2012 wp-blog-header.php
-rw-r--r-- 1 root root 3513 16 juil. 2013 wp-comments-post.php
-rw-r--r-- 1 root root 2381 13 sept. 2013 wp-config.php
-rw-r--r-- 1 root root 3177 1 nov. 2010 wp-config-sample.php
drwxr-xr-x 5 root www-data 4096 19 mars 13:00 wp-content
-rw-r--r-- 1 root root 2718 23 sept. 2012 wp-cron.php
drwxr-xr-x 10 root root 4096 19 mars 13:00 wp-includes
-rw-r--r-- 1 root root 1997 23 oct. 2010 wp-links-opml.php
-rw-r--r-- 1 root root 2408 26 oct. 2012 wp-load.php
-rw-r--r-- 1 root root 29751 23 juil. 2013 wp-login.php
-rw-r--r-- 1 root root 7715 3 mars 2013 wp-mail.php
-rw-r--r-- 1 root root 9990 21 févr. 2013 wp-settings.php
-rw-r--r-- 1 root root 22135 15 mai 2013 wp-signup.php
-rw-r--r-- 1 root root 3692 9 mai 2013 wp-trackback.php
-rw-r--r-- 1 root root 2722 4 mars 2013 xmlrpc.php
&
admin#server01:/var/lib/wordpress$ find -type d -exec sudo chmod 755 {} \;
admin#server01:/var/lib/wordpress$ find -type f -exec sudo chmod 644 {} \;
admin#server01:/var/lib/wordpress$ ls -l
total 4
drwxr-xr-x 8 www-data www-data 4096 20 mars 15:04 wp-content
Manually remove broken plugin
admin#server01:/var/lib/wordpress/wp-content/plugins$ sudo rm akismet
admin#server01:/usr/share/wordpress/wp-content/plugins$ sudo rmdir akismet/
Manually remove broken themes
admin#server01:/usr/share/wordpress/wp-content/themes$ sudo rmdir twentythirteen/
admin#server01:/usr/share/wordpress/wp-content/themes$ sudo rmdir twentytwelve/
&
admin#server01:/var/lib/wordpress/wp-content/themes/clear$ sudo rm *
admin#server01:/var/lib/wordpress/wp-content/themes$ sudo rmdir clear/
Manually define themes symbolic links that dont want to appear automatically
admin#server01:/usr/share/wordpress/wp-content/themes$ sudo ln -s '/var/lib/wordpress/wp-content/themes/clear' 'clear'
Restart ssh :
admin#server01:~$ sudo /etc/init.d/ssh restart
Restarting OpenBSD Secure Shell server: sshd.
Restart apache :
admin#server01:~$ sudo service apache2 reload
Reloading web server config: apache2apache2: Could not reliably determine the server's fully qualified domain name, using 92.243.##.### for ServerName
/etc/apache2/sites-available/fr.mydomain.www
<VirtualHost *:80>
ServerName mydomain.fr
ServerAlias www.mydomain.fr
RewriteEngine on
RewriteCond %{HTTP_HOST} ^mydomain\.fr
RewriteRule $(.*)$ http://www.mydomain.fr$1 [R=permanent,L]
DocumentRoot /usr/share/wordpress/
DirectoryIndex index.php index.html
ErrorLog /var/log/apache2/wp-error.log
TransferLog /var/log/apache2/wp-access.log
<Directory /usr/share/wordpress>
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /wp/wp-content /var/lib/wordpress/wp-content/
ScriptAlias /wp /usr/share/wordpress/
<Directory "/var/lib/wordpress/wp-content">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
/etc/wordpress/config-mydomain.fr.php
<?php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wordpress');
define('DB_PASSWORD', 'myPassword');
define('DB_HOST', 'localhost');
define('WP_CONTENT_DIR', '/var/lib/wordpress/wp-content');
define('FS_METHOD', 'direct');
?>
Apache seems to run as root
ps aux | grep apache
root 11565 0.0 0.7 227076 15040 ? Ss Mar19 0:03 /usr/sbin/apache2 -k start
root 23668 0.0 0.3 227212 7500 ? S 10:07 0:00 /usr/sbin/apache2 -k start
...
root 26875 0.0 0.3 227212 7500 ? S 12:50 0:00 /usr/sbin/apache2 -k start
admin 27111 0.0 0.0 9620 916 pts/1 S+ 13:18 0:00 grep apache
777*
I have tried to change /usr/share/wordpress/wp-content and /var/lib/wordpress/wp-content to 777 without success...and I know that is very very bad.
Maybe this is because of some weird behaviour of Wordpress: The check whether WP has write permissions creates a temporary file and compares the owner of that file (which will be the Apache process, www-data) to the result of getmyuid(). However, getmyuid() returns the owner of the running php file (wp-admin/update.php in this case) which is 0 (root) in the default install. Try to change the owner of this file to www-data, which made it work for me:
chown www-data:www-data /usr/share/wordpress/wp-admin/update.php

Why is /etc/apache2/sites-enabled/default returning blank?

I just installed a LAMP stack and when I ran sudo nano /etc/apache2/sites-enabled/default, it was empty, like whatever file it opened doesn't exist. Never had this problem on my last LAMP install. What's going on?
The files in Apache's sites-enabled directory are ordered, which means that the filenames start with a number. The default site is usually named 000-default or similar, not just default. Take a look in the directory to see what's there with ls, then edit that file with nano.
> ls -l /etc/apache2/sites-enabled
lrwxrwxrwx 1 root root 26 Nov 14 2013 000-default -> ../sites-available/default
> sudo nano /etc/apache2/sites-enabled/000-default
Hello thank you i get also this issue, as mentionned by Brian Kintz, I did
ls -l /etc/apache2/sites-enabled
and get line like :
lrwxrwxrwx 1 root root 26 Nov 14 2013 000-default -> ../sites-available/default
I try to edit it :
sudo nano /etc/apache2/sites-enabled/000-default
I have only virtualhost block inside this file.
Thank you

what is the difference between java-1.7.0-openjdk-i386 and java-7-openjdk-i386

when i install netbeans it gives me the option to select the java environment, i have 3 options, the oracle java and these two (java-1.7.0-openjdk-i386 and java-7-openjdk-i386). what is the difference between these two?The os if ubuntu.
The two OpenJDK are same. However OpenJDK is slightly different from Oracle JDK. Read this post for more clarification.
The reason why you are getting two options for OpenJDK is PROBABLY that you have two copies of OpenJDK installed (or two different references to the same directory on your system.)
For further investigation, try to ls -lh /usr/lib/jvm. The /usr/lib/jvm is usually the directory where Java gets installed. Check if one of them is a symbolic link. Also, check in netbeans the location of the two JDK and see if in fact you have two versions or references of Java on the system.
For example, here is the output of ls -lh on my system:
ls -lh
total 24K
lrwxrwxrwx 1 root root 26 Sep 10 13:41 default-java -> /usr/lib/jvm/java-7-oracle
lrwxrwxrwx 1 root root 18 Mar 13 2012 java-1.5.0-gcj -> java-1.5.0-gcj-4.6
drwxr-xr-x 7 root root 4.0K Aug 22 2012 java-1.5.0-gcj-4.6
lrwxrwxrwx 1 root root 19 Jun 26 2012 java-1.6.0-openjdk-i386 -> java-6-openjdk-i386
drwxr-xr-x 3 root root 4.0K Feb 15 10:52 java-6-openjdk-common
drwxr-xr-x 7 root root 4.0K Feb 15 10:52 java-6-openjdk-i386
drwxr-xr-x 8 ankit ankit 4.0K Jun 6 2012 java-6-sun
drwxr-xr-x 5 root root 4.0K Aug 22 2012 java-7-openjdk-i386
drwxr-xr-x 8 root root 4.0K Feb 20 10:40 java-7-oracle
lrwxrwxrwx 1 root root 12 Mar 13 2012 java-gcj -> java-gcj-4.6
lrwxrwxrwx 1 root root 18 Apr 16 2012 java-gcj-4.6 -> java-1.5.0-gcj-4.6
As you can see java-1.6.0-openjdk-i386 is just a symbolic link/reference to another directory named java-6-openjdk-i386
You installed it twice
From openjdk, following instructions from here
sudo apt-get install openjdk-7-jdk
From Stackoverflow, following instructions from here
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java7-installer
Would recommend the second one and remvong the first one by typing
sudo apt-get remove openjdk-7-jdk.