I have a question:
I mount folder /var/www/html/testram
mount -t tmpfs -o size=5m,mode=0755 tmpfs /var/www/html/testram
And put file index.php with some text.
When I open site from web browser I don't see any text.
What I have:
drwxrwxrwx. 2 root root 60 May 25 17:42 testram
-rwxrwxrwx. 1 root root 132723 May 25 17:18 index.php
In logs i have errors:
PHP Warning:
Unknown: failed to open stream: Permission denied in Unknown on line 0
PHP Fatal error: Unknown: Failed opening required '/var/www/html/testram/index.php' (include_path='.:/usr/share/pear:/usr/share/php') in Unknown on line 0
I take an experiment and create just folder
drwxr-xr-x. 2 root root 22 May 25 17:25 testfolder
and create file
-rw-r--r--. 1 root root 132723 May 25 17:12 index.php
with the same text.
And when I open this index.php from web browser I see text.
Why I don't see any text from index.php mounted in tmpfs.
Thank you
chown apache.apache -R testram does any effect
You should have symlinks enabled in your httpd.conf or .htaccess:
Options +FollowSymlinks
Related
I am trying to capture an image through a webcam and display it on a webpage but I am getting "permission denied errors"
I am running apache with the following user/group
/etc/apache2/envvars :
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
In the html code i have the request:
myRequest.open("GET", "/cgi-bin/getImage1.cgi", true);
myRequest.send();
In /usr/lib/cgi-bin I have the file: getImage1.cgi
#!/bin/bash
rm image1.jpg
fswebcam -r 640x400 --no-banner --deinterlace -q -d /dev/video0 --jpeg 95 image1.jpg
The file and directories permissions are:
In /usr/lib drwxrwxrwx 2 root www-data 4096 May 14 19:37 cgi-bin
In /usr/lib/cgi-bin -rwxr-xr-x 1 www-data www-data 115 May 14 18:51 getImage1.cgi
In /dev crw-rw----+ 1 root video 81,0 May 14 18:02 video0
User www-data is a member of the following groups:
$ id www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data),44(video)
When i run the web page i get the following error code:
rm: cannot remove 'image1.jpg': No such file or directory
Error opening device: /dev/video0
open: Permission denied
Unable to find a source module that can read /dev/video0.
End of script output before headers: getImage1.cgi,
The error implies that it is executing the script but that the user does not have sufficient permissions to access the /dev/video0.
The apache user should be www-data which is a member of both www-data and video groups, so it should have access to the /usr/lib/cgi-bin directory, getImage1.cgi file, and the /dev/video0 webcam.
If I execute the script from the console it runs fine.
I would appreciate if anyone can offer suggestions.
I'm using Docker to run an Apache instance. My docker file goes something like this:
FROM ubuntu
MAINTAINER your.face#gmail.com
RUN cat /etc/passwd
RUN cat /etc/group
RUN apt-get update && apt-get install -yq apache2 php5 libapache2-mod-php5 php5-mysql
RUN apt-get install -yq openssh-server
RUN mkdir /var/run/sshd
ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2
EXPOSE 80
ADD config/apache2/000-default.conf /etc/apache2/sites-available/000-default.conf
ADD config/php5/php.ini /etc/php5/apache2/php.ini
ADD config/start.sh /tmp/start.sh
ADD src /var/www
RUN chown -R root:www-data /var/www
RUN chmod u+rwx,g+rx,o+rx /var/www
RUN find /var/www -type d -exec chmod u+rwx,g+rx,o+rx {} +
RUN find /var/www -type f -exec chmod u+rw,g+rw,o+r {} +
#essentially: CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]
CMD ["/tmp/start.sh"]
However, when I build the container and run it, I only ever get 403 errors.
Notice that I've specified that Apache should run as www-data in www-data group, and that /var/www has been recursively chownd to belong to root:www-data.
Also, all directories are searchable and readable, and all files are readable and writeable by the www-data group (well, according to ls -la and namei -m they are anyways).
How do I fix these permissions issues? I cant figure it out.
Actual error from the Apache error.log:
[Fri May 23 18:33:27.663087 2014] [core:error] [pid 14] (13)Permission denied: [client 11.11.11.11:61689] AH00035: access to /index.php denied (filesystem path '/var/www/index.php') because search permissions are missing on a component of the path
EDIT:
output of ls -laR /var/www at the end of the Dockerfile:
Step 21 : RUN ls -laR /var/www
---> Running in 74fd3609dfc8
/var/www:
total 1036
drwxr-xr-x 67 root www-data 4096 May 23 18:38 .
drwxr-xr-x 26 root root 4096 May 23 18:38 ..
-rw-rw-r-- 1 root www-data 28 May 23 12:22 .gitignore
-rw-rw-r-- 1 root www-data 501 May 23 12:22 .htaccess
-rw-rw-r-- 1 root www-data 7566 May 23 12:22 index.php
Output of namei -m /var/www/index.php at the end of the Dockerfile:
Step 22 : RUN namei -m /var/www/index.php
---> Running in 1203f0353090
f: /var/www/index.php
drwxr-xr-x /
drwxr-xr-x var
drwxr-xr-x www
-rw-rw-r-- index.php
EDIT2
After trying a whole bunch of things, including chmod -R 777 just to see if I could get anything to work, I tried putting the source files added from the Dockerfile into /var/www/html, the default location for Apache files to be served.
I matched the default file permissions exactly (I think), and it still isn't working. The default index.html that comes with Apache loads just fine, but the added src folder still have a 403 access denied error.
I changed the Dockerfile to ADD src /var/www/html/src and the permissions were set using:
RUN find /var/www/html -type d -exec chmod u+rwx,g+rx,o+rx {} +
RUN find /var/www/html -type f -exec chmod u+rw,g+r,o+r {} +
No luck. Below is some of the output of ls -laR on /var/www. Notice that the permissions for the html folder and index.html that come with an apache2 install match those of the added src folder:
Step 19 : RUN ls -laR /var/www/
---> Running in 0520950d0426
/var/www/:
total 12
drwxr-xr-x 6 root root 4096 May 23 19:23 .
drwxr-xr-x 24 root root 4096 May 23 19:23 ..
drwxr-xr-x 5 root root 4096 May 23 19:23 html
/var/www/html:
total 24
drwxr-xr-x 5 root root 4096 May 23 19:23 .
drwxr-xr-x 6 root root 4096 May 23 19:23 ..
-rw-r--r-- 1 root root 11510 May 23 18:28 index.html
drwxr-xr-x 47 root root 4096 May 23 19:23 src
/var/www/html/src:
total 1032
drwxr-xr-x 47 root root 4096 May 23 19:23 .
drwxr-xr-x 5 root root 4096 May 23 19:23 ..
-rw-r--r-- 1 root root 28 May 23 12:22 .gitignore
-rw-r--r-- 1 root root 501 May 23 12:22 .htaccess
-rw-r--r-- 1 root root 7566 May 23 12:22 index.php
Perhaps chmod doesn't work quite the way I thought it does??
EDIT3
A final bit of information. The Docker container is being built by buildbot, which I've been assuming runs as root. I haven't been able to reproduce this scenario without using buildbot to do the building.
Building everything via sudo docker build -t apache . type commands on my laptop works fine, but the problems arise when buildbot does it. No idea why :^/
I just ran into this after posting a similar question at Running app inside Docker as non-root user.
My guess is you can't chmod/ chown files that were added via the ADD command. – thom_nic Jun 19 at 14:14
Actually you can. You just need to issue a a RUN command after the ADD for the file location that will be INSIDE your container. For example
ADD extras/dockerstart.sh /usr/local/servicemix/bin/
RUN chmod 755 /usr/local/bin/dockerstart.sh
Hope that helps. It worked for me.
I encountered a similar issue; however my container was using VOLUME to map directories across the container.
Changing the permissions on the directory that maps to /var/www/html itself remedied the 403 Forbidden errors.
docker-host$ ls -ld /var/www/html
drwxr--r-- 53 me staff 1802 Mar 8 22:33 .
docker-host$ chmod a+x /var/www/html
docker-host$ ls -ld /var/www/html
drwxr-xr-x 53 me staff 1802 Mar 8 22:33 .
Note that chmod must be applied on the Docker host, not within the container. Executing it within the container effects no change to the directory.
docker-container$ chmod a+x /var/www/html
docker-container$ ls -ld /var/www/html
drwxr--r-- 53 me staff 1802 Mar 8 22:33 .
I just installed a LAMP stack and when I ran sudo nano /etc/apache2/sites-enabled/default, it was empty, like whatever file it opened doesn't exist. Never had this problem on my last LAMP install. What's going on?
The files in Apache's sites-enabled directory are ordered, which means that the filenames start with a number. The default site is usually named 000-default or similar, not just default. Take a look in the directory to see what's there with ls, then edit that file with nano.
> ls -l /etc/apache2/sites-enabled
lrwxrwxrwx 1 root root 26 Nov 14 2013 000-default -> ../sites-available/default
> sudo nano /etc/apache2/sites-enabled/000-default
Hello thank you i get also this issue, as mentionned by Brian Kintz, I did
ls -l /etc/apache2/sites-enabled
and get line like :
lrwxrwxrwx 1 root root 26 Nov 14 2013 000-default -> ../sites-available/default
I try to edit it :
sudo nano /etc/apache2/sites-enabled/000-default
I have only virtualhost block inside this file.
Thank you
I am just using the standard apache config file which mentions that it follows symlinks, but when I hit the url http://localhost/test it downloads the symlink file instead of following it. What config do I need to change to get apache to follow the symlink instead of downloading it?
This is an ls on the directory:
$ ls -al
total 10
drwx------+ 1 SYSTEM SYSTEM 0 Oct 20 10:55 .
drwx------+ 1 SYSTEM SYSTEM 0 Aug 26 12:27 ..
-rw-r--r--+ 1 me None 47 Oct 20 10:14 index.html
lrwxrwxrwx 1 me None 29 Oct 19 17:10 test -> /home/me/projects/test
This is in my apache config file:
<Directory "D:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
I figured out the problem. The symlink I was using was made using cygwin and it crossed drives/volumes. I found out that's not allowed in windows so I had to move the files to the same drive as apache and the link is now working.
I did a fresh-install of XAMPP for Linux (version 1.7.4) on my Ubuntu 11.04 x64 laptop.
Then I made a link in my htdocs folder to my project folder:
$pwd
/opt/lampp/htdocs
$sudo ln -s /home/petra/projects/webapp webapp
$ls -al
drwxr-xr-x 4 nobody root 4096 2011-08-18 11:58 .
drwxr-xr-x 18 root root 4096 2011-01-25 15:33 ..
lrwxrwxrwx 1 root root 26 2011-08-18 11:42 webapp -> /home/petra/projects/webapp
When I opened the webapp in the browser using http://localhost/webapp, it only showed "403 Access Forbidden". The error log said:
$tail -f /opt/lampp/logs/error_log
[Thu Aug 18 11:43:15 2011] [error] [client 127.0.0.1] Symbolic link not allowed or link target not accessible: /opt/lampp/htdocs/webapp
Here is the httpd.conf. Strangely, the FollowSymLinks options are already defined (default).
There is a similar question on the XAMPP forum but I think nobody seems to pay attention to it anymore.
Does anyone have an idea how to fix this?
Try to run Apache using your user.
By default Apache runs as "www-data" so edit your apache2.conf, and search for "user" and set:
user=youruser
Restart Apache and voilà, it should work.
I found out that if I use link from directory outside /home/petra, the web-app is working normally. I guess it's because I use Encrypted Home Directory setting on my Ubuntu.
I just have to move the project directory outside my home directory to make it work.
I ran into this problem when I symlinked the document root to code sitting on my encrypted home directory. I also solved it by running apache as the user who owned the encrypted content.