Correct Apache var/www permissions - apache

I'm new to writing permissions in Apache. This is a shared server on which I have one account.
I was having an issue with FileZilla not being able to write to my var/www directory and in an attempt to change its permissions I think I have made it worse.
Here are my current settings
$ ls -l
total 40
drwxr-xr-x 2 root root 4096 Feb 5 2013 backups
drwxr-xr-x 7 root root 4096 Jul 30 2013 cache
drwxr-xr-x 26 root root 4096 Jul 30 2013 lib
drwxrwsr-x 2 root staff 4096 Apr 15 2008 local
lrwxrwxrwx 1 root root 9 Feb 5 2013 lock -> /run/lock
drwxr-xr-x 7 root root 4096 Jul 30 2013 log
drwxrwsr-x 2 root mail 4096 Feb 5 2013 mail
drwxr-xr-x 2 root root 4096 Feb 5 2013 opt
lrwxrwxrwx 1 root root 4 Feb 5 2013 run -> /run
drwxr-xr-x 4 root root 4096 Feb 5 2013 spool
drwxrwxrwt 2 root root 4096 Feb 5 2013 tmp
drwxrwx--- 2 root root 4096 Jul 30 2013 www
Can anyone tell me what are the correct permissions to have on the www folder, and even better how to obtain them?
I think it should be
drwxrwxr-x 2 root root 4096 Jul 30 2013 www
Thanks

There is no such thing as "correct permissions".
There's the permissions setup which was used as default in your installation.
There's the right permissions to use for YOUR security model.
You appear to be using a security model which requires non-standard permissions, and you've not once mentioned 'users' or 'groups', let alone what your security model is.
As root, you should chown /var/www to whoever should 'own' the directory (hint: it's neither root nor the apache uid) then set the group ownership appropriately (we can't tell from the information you've provided what that is - but again it's neither root nor the apache uid) then chmod o+rx the directory.
Then please go learn a bit about Linux/Unix admin - try googling for "the rute"

Related

Can't connect to MariaDB via JDBC from Google App Script with SSL

I'm trying to connect to MariaDB with Google App Script.
I've been following this post, and these instructions and used this advice to get the certs setup.
const server = 'x.x.x.x'; //not my actual ip
const port = 3306;
const dbName = 'myDbName';
const username = 'googleusername';
const password = 'hunter2';
const url = 'jdbc:mysql://'+server+':'+port+'/'+dbName+'?useSSL=true';
const serverSslCertificate = '-----BEGIN CERTIFICATE-----\n'+
'zxcv1231223123'+
// .... etc ....
'112223334'+'\n'+
'-----END CERTIFICATE-----';
const clientSslCertificate = '-----BEGIN CERTIFICATE-----\n'+
'zxcv1231223123'+
// .... etc ....
'112223334'+'\n'+
'-----END CERTIFICATE-----';
const clientSslKey = '-----BEGIN RSA PRIVATE KEY-----\n'+
'zxcv1231223123'+
// .... etc ....
'112223334'+'\n'+
'-----END RSA PRIVATE KEY-----';
var connParams = {
user: username,
password: password,
_serverSslCertificate: serverSslCertificate,
_clientSslCertificate: clientSslCertificate,
_clientSslKey: clientSslKey,
};
When I try to connect, it fails and in MariaDB I can see in the mysql error logs:
2022-10-18 23:01:50 18 [Warning] Access denied for user 'googleusername'@'y.y.y.y' (using password: YES)
And in Apps Script I see
Exception: Failed to establish a database connection. Check connection string, username and password.
If I do:
MariaDB [bitnami_wordpress]> SHOW GLOBAL VARIABLES LIKE '%ssl%' \G
*************************** 1. row ***************************
Variable_name: have_openssl
Value: YES
*************************** 2. row ***************************
Variable_name: have_ssl
Value: DISABLED
*************************** 3. row ***************************
Variable_name: ssl_ca
Value: /opt/bitnami/mariadb/certs/ca.pem
*************************** 4. row ***************************
Variable_name: ssl_capath
Value:
*************************** 5. row ***************************
Variable_name: ssl_cert
Value: /opt/bitnami/mariadb/certs/server-cert.pem
*************************** 6. row ***************************
Variable_name: ssl_cipher
Value:
*************************** 7. row ***************************
Variable_name: ssl_crl
Value:
*************************** 8. row ***************************
Variable_name: ssl_crlpath
Value:
*************************** 9. row ***************************
Variable_name: ssl_key
Value: /opt/bitnami/mariadb/certs/server-key.pem
Found this in the MariaDB startup log:
2022-10-18 23:32:19 0 [Warning] Failed to setup SSL
2022-10-18 23:32:19 0 [Warning] SSL error: SSL_CTX_set_default_verify_paths failed
2022-10-18 23:32:19 0 [Warning] SSL error: error:02001002:system library:fopen:No such file or directory
2022-10-18 23:32:19 0 [Warning] SSL error: error:2006D080:BIO routines:BIO_new_file:no such file
2022-10-18 23:32:19 0 [Warning] SSL error: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
I took a look at the have_ssl = disabled thing, and found this.
bitnami@ip-172-26-11-184:~/stack/mariadb/conf/certs$ ls -lah
total 40K
drwxr-xr-x 2 bitnami root 4.0K Oct 9 04:17 .
drwxrwxr-x 4 root root 4.0K Oct 18 22:10 ..
-rw-r--r-- 1 bitnami root 1.7K Oct 9 04:16 ca-key.pem
-rw-r--r-- 1 bitnami root 1.4K Oct 9 04:17 ca.pem
-rw-r--r-- 1 bitnami root 1.3K Oct 9 04:17 client-cert.pem
-rw------- 1 bitnami root 1.7K Oct 9 04:17 client-key.pem
-rw-r--r-- 1 bitnami root 1.1K Oct 9 04:17 client-req.pem
-rw-r--r-- 1 bitnami root 1.3K Oct 9 04:17 server-cert.pem
-rw------- 1 bitnami root 1.7K Oct 9 04:17 server-key.pem
-rw-r--r-- 1 bitnami root 1.1K Oct 9 04:17 server-req.pem
bitnami@ip-172-26-11-184:~/stack/mariadb/conf$ ls -lah
total 24K
drwxrwxr-x 4 root root 4.0K Oct 18 22:10 .
drwxr-xr-x 12 root root 4.0K Apr 14 2022 ..
drwxrwxr-x 3 root root 4.0K Sep 5 11:52 bitnami
drwxr-xr-x 2 bitnami root 4.0K Oct 9 04:17 certs
-rw-rw-r-- 1 bitnami root 1.1K Oct 18 22:10 my.cnf
-rw-r--r-- 1 root root 1002 Oct 9 04:16 run.sh
Amongst other things in my my.cnf:
[mysqld]
skip_name_resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mariadb
port=3306
tmpdir=/opt/bitnami/mariadb/tmp
socket=/opt/bitnami/mariadb/tmp/mysql.sock
pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid
max_allowed_packet=16M
bind_address=0.0.0.0
log_error=/opt/bitnami/mariadb/logs/mysqld.log
slow_query_log=0
slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log
long_query_time=10.0
character_set_server=utf8
collation_server=utf8_general_ci
plugin_dir=/opt/bitnami/mariadb/lib/plugin
ssl_ca=/opt/bitnami/mariadb/certs/ca.pem
ssl_cert=/opt/bitnami/mariadb/certs/server-cert.pem
ssl_key=/opt/bitnami/mariadb/certs/server-key.pem
require_secure_transport=ON
Does anyone have any ideas of what to try next and why it's not working?
I got to the bottom of it.
Lessons learnt:
If
MariaDB [bitnami_wordpress]> SHOW GLOBAL VARIABLES LIKE '%ssl%' \G
shows
Variable_name: have_ssl
Value: DISABLED
Then your server side SSL is not enabled.
Check the MySQL log on reload/restart
2022-10-18 23:32:19 0 [Warning] SSL error: error:02001002:system library:fopen:No such file or directory
This kind of thing is a hint - in my case that I'd listed the paths wrong in the config file
The certificates that are needed on the client side are:
The Certificate Authority (ca.pem)
Client Cert
Client Key
In my case, I had the server cert, rather than the CA certificate.
It may be worth trying to connect with the certificates from a command-line client, but whatever "--ssl-verify-server-cert" does, it isn't what App Script does when it tries to connect.
Thanks @danblack for the pointers and encouragement.
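
The first lesson above (wrong paths in the config file leave have_ssl at DISABLED) can be caught before a restart. This is an added example, not part of the original post: it reads ssl_ca, ssl_cert and ssl_key from the [mysqld] section of an option file and reports any file that is missing or unreadable. The function name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the post): preflight check for mysqld TLS file paths.
# Run it as the account mysqld runs as; readability is tested for the caller.

check_mysqld_ssl_paths() {   # hypothetical helper name
    cnf=$1
    rc=0
    # Collect ssl_ca / ssl_cert / ssl_key from the [mysqld] section only.
    settings=$(awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_sec && /^[ \t]*ssl[_-](ca|cert|key)[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print key "=" val
        }' "$cnf")
    if [ -z "$settings" ]; then
        echo "no ssl_ca/ssl_cert/ssl_key set in [mysqld]"
        return 2
    fi
    while IFS='=' read -r key path; do
        if [ -r "$path" ]; then
            echo "ok $key $path"
        elif [ -e "$path" ]; then
            echo "unreadable $key $path"; rc=1
        else
            echo "missing $key $path"; rc=1
        fi
    done <<EOF
$settings
EOF
    return $rc
}

# Constructed demo: the option file names a certs directory that does not exist.
demo=$(mktemp -d)
printf '[mysqld]\nssl_ca=%s/certs/ca.pem\n' "$demo" > "$demo/my.cnf"
check_mysqld_ssl_paths "$demo/my.cnf" || echo "fix the paths, then restart mysqld"
rm -rf "$demo"
```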

pcfg_openfile: unable to check htaccess file

This is not the first question based on this error, I know, and I have checked what I can, but still do not understand the problem.
Below is the error message.
[Sun Jul 07 11:13:37.482061 2019] [core:crit] [pid 11261] (1)Operation not permitted: [client ::1:50913] AH00529: /Users/jokerham/Documents/Workspace/web/Nanitelink/www/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/Users/jokerham/Documents/Workspace/web/Nanitelink/www/' is executable
These are the things that I checked.
ls -al /
drwxr-xr-x 6 root admin 192 10 26 2018 Users
ls -ale@ /Users
drwxr-xr-x+ 57 jokerham staff 1824 7 4 23:10 jokerham
0: group:everyone deny delete
ls -ale@ /Users/jokerham
drwxr-xr-x+ 29 jokerham staff 928 3 24 18:03 Documents
0: group:everyone deny delete
ls -ale@ /Users/jokerham/Documents
drwxr-xr-x 11 jokerham staff 352 6 21 20:44 Workspace
ls -ale@ /Users/jokerham/Documents/Workspace
drwxr-xr-x 6 jokerham staff 192 7 4 22:51 web
ls -ale@ /Users/jokerham/Documents/Workspace/web
drwxr-xr-x 9 jokerham staff 288 7 5 07:50 Nanitelink
ls -ale@ /Users/jokerham/Documents/Workspace/web/Nanitelink
drwxr-xr-x 6 jokerham admin 192 6 28 07:17 www
ls -ale@ /Users/jokerham/Documents/Workspace/web/Nanitelink/www
-rw-r--r-- 1 jokerham admin 173 6 21 21:38 .htaccess
As seen in the above result, the web root folder 'www' is readable & executable by anyone and .htaccess is readable by anyone. Why am I still getting the error?
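
The component-by-component walk done by hand in the question above, as an added example that is not part of the original post. The function name and its optional second argument (a parent prefix to skip) are assumptions. It reads mode bits only, so a clean result while the error persists points away from mode bits, for instance at ACLs or OS-level policy.

```shell
#!/bin/sh
# Added example (not from the post): find the first path component whose
# "other" mode bits stop an unrelated account, such as the httpd worker user.
# Only classic mode bits are read; ACLs and OS-level policy are not evaluated.

first_blocking_component() {   # hypothetical helper name
    target=$1
    cur=${2%/}                 # optional prefix to skip, e.g. a known-good parent
    case $target in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    rest=${target#"$cur"/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue
        cur="$cur/$part"
        mode=$(ls -ld "$cur" 2>/dev/null | awk '{ print $1 }')
        if [ -z "$mode" ]; then
            echo "$cur (cannot stat)"; return 1
        fi
        other=$(printf '%s' "$mode" | cut -c8-10)
        case $mode in
            l*) ;;   # symlink: check the link target's own path separately
            d*) case $other in
                    ??[xt]) ;;
                    *) echo "$cur ($mode: other lacks search permission)"; return 1 ;;
                esac ;;
            *)  case $other in
                    r??) ;;
                    *) echo "$cur ($mode: other lacks read permission)"; return 1 ;;
                esac ;;
        esac
    done
    return 0
}

# Constructed demo tree: the middle directory is mode 750.
demo=$(mktemp -d)
mkdir -p "$demo/web/www"
: > "$demo/web/www/.htaccess"
chmod 750 "$demo/web"
first_blocking_component "$demo/web/www/.htaccess" "$demo" || true
rm -rf "$demo"
```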

Why can't my php document read in a different folder?

I'm developing a PostgreSQL based site.
If I begin my index.php like
<?php
(...)
?>
it shows normally on the browser. But if I begin like
<?php session_start();
include("../includes/databaseLogin.php");
?>
it doesn't show anything at all. I wonder if that's because of 'includes' folder's permission. If I type ls -la at the .. folder, it gives:
drwxr-xr-x 4 root root 4096 Ago 9 20:21 .
drwxr-xr-x 14 root root 4096 Jul 23 11:30 ..
drwxr-xr-x 2 root root 4096 Ago 9 20:47 html
drwxr-xr-x 2 root root 4096 Ago 9 20:46 includes
The permissions on the file includes/databaseLogin.php are
-rw-r--r--
There are 3 R's which means my folder can be READ by myself, by other users on my group, and by other users on other groups, right? Or not? What am I doing wrong here? I'm using Ubuntu 14.04 with Apache server.
Thanks in advance.

How to add virtual directories and allow access to pages in Apache server?

I know this is a repeated question but I'm totally blocked, with no understanding of creating virtual directories for Apache server.
I'm able to access my homepage index.html but I'm unable to access another page in that folder
page2.html in /var/www/html/
Also I need to view the folder Firmwares soft-linked to another folder in desktop.
I'm using Fedora 14
Here are my questions
1. How can I enable access to other pages in /var/www/html/?
2. What privileges must I provide that Folder and what changes in httpd.conf?
3. How can I just easily add a virtual directory? Do I have to edit the .conf file every time?
(Can I edit .conf file once and then create sub directories in the same parent folder without fuss?)
Current HTTPD.conf is -
http://pastebin.com/BBxaAhMk
Current Privileges are -
[root@wbserv ~]# ls -l /var/www/
total 24
drwxr-xr-x. 2 root root 4096 Jul 26 2010 cgi-bin
drwxr-xr-x. 3 root root 4096 Jan 25 17:23 error
drwxr-xr-x. 2 root root 4096 Feb 14 04:41 html
drwxr-xr-x. 3 root root 4096 Jan 25 17:26 icons
drwxr-xr-x. 14 root root 4096 Jan 25 17:27 manual
drwxr-xr-x. 2 webalizer root 4096 Feb 7 03:39 usage
[root@wbserv ~]# ls -l /var/www/html/
total 868
-rwxr-xr-x. 1 root root 52264 Feb 6 15:48 bkg.jpg
-rwxr-xr-x. 1 root root 462993 Feb 6 15:48 banner.png
-rwxr-xr-x. 1 root root 28785 Feb 6 15:48 title.png
lrwxrwxrwx. 1 root root 24 Feb 10 15:39 Firmwares -> /root/Desktop/Firmwares/
-rwxr-xr-x. 1 root root 6282 Feb 14 04:39 index.html
-rwxr-xr-x. 1 root root 9304 Feb 6 15:48 logo.png
-rwxr-xr-x. 1 root root 16877 Feb 6 15:48 sorttable.js
-rwxr-xr-x. 1 root root 1432 Feb 14 04:39 page2.html
-rwxr-xr-x. 1 root root 4303 Feb 6 15:48 style.css
[root@wbserv ~]# ls -l /root/Desktop/
total 16
drwx------. 4 root root 4096 Jan 31 15:28 Firmwares
drwx------. 10 root root 4096 Feb 14 04:36 Utilities

Apache Virtual Host URL

I made an Apache virtual host for a web application that works fine, but I have a problem with the URL. I want my application to be accessed only using a URL similar to: http://ip_address/app_name, but now the application can also be accessed with http://ip_address/.
My virtual host looks like this:
NameVirtualHost 192.168.5.235:80
<VirtualHost 192.168.5.235:80>
ServerName 192.168.5.235
Alias /ksw "/home/ksw/site"
DocumentRoot "/home/ksw/site/"
ErrorLog /home/ksw/logs/error_log
CustomLog /home/ksw/logs/access_log combined
</VirtualHost>
Is there a way to configure my application to be accessed only using http://ip_address/app_name? Thanks.
The home /home/ksw/site files are:
drwxrwxr-x 18 apache apache 4096 Aug 4 17:41 .
drwxr-xr-x 4 root root 4096 Aug 3 20:17 ..
-rw-rw-r-- 1 apache apache 825 Aug 3 20:18 AdminSettings.sample
-rw-rw-r-- 1 apache apache 2179 Aug 3 20:18 api.php
-rw-rw-r-- 1 apache apache 28 Aug 3 20:18 api.php5
drwxrwxr-x 2 apache apache 4096 Aug 3 20:17 bin
drwxrwxr-x 2 apache apache 4096 Aug 3 20:18 config
-rw-rw-r-- 1 apache apache 4505 Aug 3 20:18 config.php
-rw-rw-r-- 1 apache apache 17997 Aug 3 20:17 COPYING
drwxrwxr-x 4 apache apache 4096 Aug 3 20:18 docs
drwxrwxr-x 3 apache apache 4096 Aug 3 20:17 extensions
-rw-rw-r-- 1 apache apache 162 Aug 3 20:18 FAQ
-rw-rw-r-- 1 apache apache 236945 Aug 3 20:17 HISTORY
drwxrwxr-x 2 apache apache 4096 Aug 3 20:18 home
drwxrwxrwx 3 apache apache 4096 Aug 3 20:17 images
-rw-rw-r-- 1 apache apache 2474 Aug 3 20:18 img_auth.php
-rw-rw-r-- 1 apache apache 35 Aug 3 20:17 img_auth.php5
drwxrwxr-x 9 apache apache 12288 Aug 4 14:13 includes
-rw-rw-r-- 1 apache apache 4561 Aug 3 21:03 index.php
-rw-rw-r-- 1 apache apache 32 Aug 3 20:17 index.php5
-rw-rw-r-- 1 apache apache 3992 Aug 3 20:17 INSTALL
-rw-rw-r-- 1 apache apache 3772 Aug 3 20:18 install-utils.inc
drwxrwxr-x 4 apache apache 4096 Aug 3 20:18 languages
drwxrwxr-x 2 apache apache 4096 Aug 3 20:17 locale
-rw-rw-r-- 1 apache apache 4993 Aug 4 14:05 LocalSettings.php
drwxrwxr-x 8 apache apache 4096 Aug 3 20:18 maintenance
-rw-rw-r-- 1 apache apache 569 Aug 3 20:18 Makefile
drwxrwxr-x 2 apache apache 4096 Aug 3 20:17 math
-rw-rw-r-- 1 apache apache 1532 Aug 3 20:18 opensearch_desc.php
-rw-rw-r-- 1 apache apache 6173 Aug 3 20:18 profileinfo.php
-rw-rw-r-- 1 apache apache 3535 Aug 3 20:18 README
-rw-rw-r-- 1 apache apache 299 Aug 4 17:41 redirect.php
-rw-rw-r-- 1 apache apache 35 Aug 3 20:17 redirect.php5
-rw-rw-r-- 1 apache apache 91 Aug 3 20:17 redirect.phtml
-rw-rw-r-- 1 apache apache 34280 Aug 3 20:17 RELEASE-NOTES
drwxrwxr-x 2 apache apache 4096 Aug 3 20:17 serialized
-rw-rw-r-- 1 apache apache 18814 Aug 3 20:18 setup.php
-rw-rw-r-- 1 apache apache 20480 Aug 3 20:18 .setup.php.swp
drwxrwxr-x 9 apache apache 4096 Aug 3 20:18 skins
-rw-rw-r-- 1 apache apache 603 Aug 3 20:18 StartProfiler.php
drwxrwxr-x 4 apache apache 4096 Aug 3 20:17 t
-rw-rw-r-- 1 apache apache 12822 Aug 3 20:18 Test.php
drwxrwxr-x 2 apache apache 4096 Aug 3 20:18 tests
-rw-rw-r-- 1 apache apache 2746 Aug 3 20:18 thumb.php
-rw-rw-r-- 1 apache apache 32 Aug 3 20:18 thumb.php5
-rw-rw-r-- 1 apache apache 1373 Aug 3 20:18 trackback.php
-rw-rw-r-- 1 apache apache 13195 Aug 3 20:18 UPGRADE
drwxrwxr-x 16 apache apache 4096 Aug 3 20:18 wiki
-rw-rw-r-- 1 apache apache 88 Aug 3 20:17 wiki.phtml
-rw-rw-r-- 1 apache apache 3830 Aug 3 20:18 xmlp4.php
Captain Obvious says it shouldn't be so. =)
Maybe only if the 'app_name' dir is a symbolic link to the 'ip_addr' dir.
Or if you use django (for example) and configured views incorrectly.
Do you use php? If so - something definitely wrong happens=)
added:
If your 'app_name' string is actually 'ksw', then...
You've installed your mediawiki in the site root dir and ONLY added a link by 'Alias /ksw' to it!!
Solutions:
If you want ONLY to restrict access to http://ip_address/ use .htaccess apache file.
If you want 2 different pages at / and /app_name you need to create folder 'app_name' and install your app there!
That's all.