Apache vs User file owner - apache

(UNIX/LINUX)
Usually on a local Development Environment we fight with permission, this is really annoying things because sometime what we think is a code bug is just a file not accessible to apache.
The main problem is that some files are created by Apache ( so the web app ) other are created by the developers ( IDE or Editor )
The solution that I use it to add my user to apache group:
-sudo usermod -a -G www-data <username>
-sudo chgrp -R www-data /var/www
The issue is that when I create a new file with my IDE the files have [my user]/[my user] as owner and sometime apache is not able to read these files ( depending on the permission s flags)
So I'm forced to re-execute sudo chgrp -R www-data /var/www
Any solution to avoid this ?

Three main solutions
Set User ID / Set Group ID
sudo chmod -R 2750 www-data /path
Use apache ITK with AssignUserId (privilege seperation)
<IfModule itk.c>
AssignUserId www-data www-data
</IfModule>
Add apache to your IDE group (not recommend)
Side Note
Set User Id could be potentially dangerous as users (apache, so nearly the all world) can gain extra privileges by using files that grant them different (enanched) privileges, so you have perfectly to know what are you doing

I have found this question: that ask for something different but the answer looks to be a solution, here what they say (KahWee Teng):
You add yourself into the group with:
sudo usermod -a -G www-data <username>
Change the group to www-data just in case you haven't:
sudo chgrp -R www-data /var/www
Get new files to inherit the permissions (775) (sticky bit)
sudo chmod -R 2775 /var/www
The key is this last step (2775)

Related

{Done] Permissions for Data folder on external Harddrive

So i reinstalled Nextcloud on my Pi, because i got now an external harddrive to connect. So i used:
sudo ln -s media/pi/Elementals/Nextcloud/data /var/www/nextcloud/data
and i changed the the owner inside var /www/nextcloud to www-data for the data folder there.
Still i cant install it. I tried to change the owner of /media/pi/Elementals/Nextcloud/data. But cant change it.
im using:
chown -R www-data:www-data data/
Even thos when i use:
sudo -u www-data bash
and then create a folder its owned by pi.
What i did wrong ?
Got it:
used fstab used there ntfs-3g
I think you forgot to add sudo the command should be
sudo chown www-data /path/to/data/

Debian apache www-user to set processes for other users in crontab

i have a php script which enables crontab schedules as www-data. I want to do this from apache but with command -u userx. My question what i have to do in order to give the possibility for www-data user to create crontab jobs for other users?
So far:
1. I created userx and i put it to sudoers file.
2. Also made the sudo chown for www-data to crontab folder. The idea is that i host php file which makes the changes in crontab in apache so the user that changes crontab jobs must be www-data. any ideas?
I suggest use crontab for www-data
sudo -u www-data crontab -e

Warnings and errors appearing on site after changing ubuntu user permissions Amazon EC2 server

My site is running on a EC2 Amazon server under Ubuntu/Apache2.
My site was running fine until I changed the permissions for user 'ubuntu' by doing this command:
chown -R ubuntu /var/www/html
Now my site is spitting out warning messages and errors :(
www.kaysboutique.co.uk
I did this because I wanted to be able to write files via FileZilla after following this answer:
Amazon AWS Filezilla transfer permission denied
Fixed by running these:
sudo chown www-data -R /var/www/html
If not fixed, run sudo chown -R www-data /var/www/html
First to fix the pb try to restore the initial user and group for html directory by using this command :
sudo chown -R www-data:www-data /var/www/html
And if you need to add new user to www-data group use this command :
sudo useradd -g www-data [username]
sudo passwd [username]

Apache File permissions issue in Ubuntu

I'm trying to use Apache to access a file on my Documents folder.
I tried the following:
sudo chown -R www-data:www-data /home/$USER/public_html
sudo adduser $USER www-data
sudo chmod -R 775 /home/$USER/public_html
As suggested by this post:
https://askubuntu.com/questions/26848/permissions-issue-how-can-apache-access-files-in-my-home-directory
Although this works, now I cannot edit or the files directly as the user (without using sudo), despite being a member of the www-data group. The only solution that seemed to work is using chmod -R 777 (which I rather not do).
Turns out all I had to do is restart the OS and it was sorted!

Recursive write permissions for Apache user

Hello I am trying to install Prestashop on my LAMP server via SSH but when run the installation process. I got these error.
The Prestashop files are located in /var/www/html What should I do?
Thanks Morris Mukiri,
I tried all the chmod, chown, chgrp , but the prestashop error message still there .
Your suggestion of "allow apache do writes" worked !
setsebool -P httpd_enable_cgi on
setsebool -P httpd_unified on
setsebool -P httpd_builtin_scripting on
These few lines did the magic.
Find the Apache user and change the owner of the folders recursively.
E.g., if the Apache user is apache then:
chown -R apache:apache /var/www/html/config /var/www/html/cache...
Change the permissions for the document root folder
sudo chmod -R 755 /var/www/html/
You might want to add yourself to the same group as apache using
useradd -G {group-name} username
Try adding a rule in Selinux to allow apache do writes
sudo setsebool -P httpd_enable_cgi on
sudo setsebool -P httpd_unified on
sudo setsebool -P httpd_builtin_scripting on