I just launched a LAMP dropplet from Digital Ocean and am starting coding. When trying to create a new directory inside the web root it says
mkdir: cannot create directory ‘blog’: Permission denied
I can fix this by running chown -R user /var/www/html but I'm wondering if this will break things or if there's a better way of doing this. Thanks!
You have a variety of options on permissions, but essentially www-data needs read (and probably execute) permission.
I like to redefine the DocumentRoot in my VirtualHost definitions to use something other than /var/www/html, anyway.
For example, you could use /srv/www/sitename, and then assign permissions myuser:www-data to it.
There are also numerous threads on the DigitalOcean forums (and around the internet) about permissions schemes for web files. (e.g. Proper Permissions for Web Server Directory.)
Related
Still fairly new to ec2, I made a new directory as /home/user/www. Opened ftp service that allows git commits to be pushed to the server. This works fine as I can see the files come up. The problem being when I run my site, the Apache test page pops up and when I try opening a page in /home/user/www directory, it says Forbidden, you don't have permission to access / on this server.
I have successfully changed the DocumentRoot
DocumentRoot "/home/user/www"
AllowOverride None
# Allow open access:
Require all granted
and Directory in httpd.config to /home/user/www, all but to no result.
Any help is appreciated. Permissions are 777 for test basis but still no success. User is the owner of all the files in www
Solved my own question. Permissions need to be set on the third directory i.e., www. Therefore, I did chmod 755 ~/www.
Worked like a charm
Running wordpress locally on a centOS 7 server running the latest apache, PHPmyadmin and mariadb-server.
IP/wordpress and IP/phpmyadmin on systems within the local network yields "403 forbidden" "you dont have permission to access (directory) on this server."
How can I fix this to allow the website to be seen on the public internet?
Could be a lot of things.
In your main Apache configuration file (e.g. /etc/httpd/conf/httpd.conf on Arch Linux), confirm your DocumentRoot path. The files you want to serve must reside there, or in sub-directories from there (If not, you might want to use an Alias to specify another path). Since you call IP/wordpress and IP/phpmyadmin, then you probably have directories called wordpress and phpmyadmin under your DocumentRoot path.
You also want to check the Directory groups in your Apache configuration file. Under those, the main culprit would be the Require directive set to all denied or something else too much restrictive like ip your_ip.
Finally, PHP can restrict path access with the open_basedir directive. Look for it in your php configuration file (e.g. /etc/php/php.ini on Arch Linux). If the line is commented, you're fine. But if a path is specified, your wordpress and phpmyadmin files must reside there.
Depending on your setup, any directive mentioned above could be in another Apache configuration file (e.g. /etc/httpd/conf/extra/* on Arch Linux).
Take a look at Apache and PHP online documentation for information about those directives.
Probably there is an issue with your directory privileges.
Use the follwing command to check it:
cd your_site_directory
ls -l
You can have a look to have a better understanding on directory privileges here.
As mentioned here apache runs under "apache" user.
Have a look at this post here to fix the issue.
All files should belong at least to apache group. To do it you can use
cd your_site_directory
chgrp -R apache ./*
I'm using a VPS for the first time and I'm wondering the best way to set up this server that makes sense and has as little effort with permissions setting as possible.
So I use /var/www (all files owned by www-data) for system-wide stuff like PostfixAdmin, phpMyAdmin, etc. For actual domains, they're in ~/www/. So my structure is like this:
~/
www/
domain1.com
domain2.com
logs/
domain1.com
domain2.com
The problem is, certain web apps like WordPress want many files to be writable, and the Apache user is www-data. I've found that even if I chgrp -R www-data .; chmod -R g+w . in a domain, WordPress still complains until the file is actually owned by www-data.
This server has no FTP and will allow me to SFTP in only via key, no passwords. I'm trying to keep this as secure as possible. But if I SFTP in, I'm creating files as myself, not www-data.
I'm looking for advice on how to set up this system so I can just drop in files, edit them, and all the permissions are what they need to be for Apache to have write permissions for whatever it needs to do.
Thanks!
Aha! Solution was to edit /etc/apache2/envvars and change these lines accordingly:
export APACHE_RUN_USER=myusername
export APACHE_RUN_GROUP=myusername
And to also chown /var/lock/apache2 to myself.
I'm just a newbie for Apache. I just installed apache 2.2 on the FreeBSD box at my home office. The instruction on FreeBSD documentation is that I can change the DocumentRoot directive in order to use the customized directory data. Therefore, I replaced...
/usr/local/www/apache22/data
with
/usr/home/some_user/public_html
but something is not right. There's index.html file inside the directory, but it seems that apache could not read the directory/file.
Forbidden
You don't have permission to access / on this server.
The permission of
public_html
is
drwxr-xr-x
I wonder what could be wrong here. Also, in my case, I am not going to host more than one website for this FreeBSD box, so I didn't look at using VirtualHost at all. Is this a good practice just to change the DirectoryRoot directive?
Somewhere in the apache config is a line like:
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/usr/local/www/apache22/data">
You must change this path too, to make it work. This directive contains for example:
Order allow,deny
Allow from all
Which give initial user access to the directory.
one possibility that comes to mind is SELinux blocking web process from accessing that folder. If this is the case, you would see it in selinux log. You would have to check the context for your original web root with:
ls -Zl
and then apply it to your new web folder:
chcon whatevercontextyousaw public_html
Or, instead, if its not a production server that requires security (like a development machine behind a firewall), you might want to just turn selinux off.
Just one idea. Could be a number of other things.
I am interested in setting up a local php testing / development environment using the lamp stack.
I would like to use the php plugin for eclipse (I typically work with java and am very familiar with eclipse).
First of all, is it proper practice to develop my site locally directly within the apache /var/www directory?
If this is ok, can somebody describe how to properly set the permissions of the www directory so that eclipse (not being run as root) has access to read/modify php files within that directory?
This is strictly for local development so I assume security isn't as high of an issue.
It doesn't matter, I personally placed it in /var/www/ and put it under the www-data group, and placed my username into the www-data group.
You add yourself into the group with:
sudo usermod -a -G www-data <username>
Change the group to www-data just in case you haven't:
sudo chgrp -R www-data /var/www
Get new files to inherit the permissions (750)
sudo chmod -R 2750 www-data /var/www
Some people prefer to put it in /home/username/www/ which would be easier.
If you prefer to put it somewhere else, like your Eclipse workspace directory, you can change Apache's DocumentRoot (or create a VirtualHost with a different DocumentRoot). Edit Apache's httpd.conf file, and add this at the end:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mytestserver.localhost
DocumentRoot /path/to/project/dir
</VirtualHost>
The *s can be left as-is; that means they will work regardless of your IP address.
The ServerName can be anything you want, as long as you add a corresponding entry in your /etc/hosts file, e.g.:
127.0.0.1 mytestserver.localhost
I often make all my local servers end in ".localhost", just as a convention.
Finally, restart Apache. Then you can access the server at http://mytestserver.localhost. Repeat as necessary to use multiple virtual hosts, each pointing to a different project.
As long as the files can be read by everyone, which is usually the default, you should be fine.
It's definitely possible to work on your site directly in your server's /var/www/ directory. however, it's probably better practice to setup a local environment (using something like XAMPP) to edit your website on a development machine and then upload it to your live server when it's ready. that way you don't introduce any bugs or errors into the live site temporarily.