I'm newbie in the web development, and I'm trying to make a website. So, my website works fine on the server but not on my own (Apache). My sources are in ~/public_html/. The problem is I don't have permissions on the sub/sub directory, I mean, when it's a directory, it works fine, when it's directory in a directory, it doesn't. (403 Forbidden). I don't change my default Apache configuration excluding for include mysql and php.
All my directories have the same permissions. Maybe I need to configure something for that?
Thanks
I used this little script found at this link http://boomshadow.net/tech/fixes/fixperms-script/
Fixperms – for one single user
To use the fixperms script, simply log into your server as root, wget the file from our server, then run it. Type in the cPanel username and it will run only for that particular account.
It does not matter which directory you are in when you run fixperms. You can be in the user’s home directory, the server root, etc. The script will not affect anything outside of the particular user’s folder.
Should be done in SSH
root#example [~]# wget boomshadow.net/tools-utils/fixperms.sh
root#example [~]# sh ./fixperms.sh -a USER-NAME
Fixperms – for all of the users
If you would like fix the permissions for every user on your cPanel server, simply use the ‘-all’ option:
root#example [~]# wget boomshadow.net/tools-utils/fixperms.sh
root#example [~]#sh ./fixperms.sh -all
Related
I am running Apache 2.4.41 on Linux Mint 20.
My document root is home/www/.
I have a laptop also connected using Samba.
I would like to add a shared folder also (from the laptop) to the Document Root settings.
How do I do it without removing home/www/?
On your laptop, enable sharing of a folder. Lets say C:\LinuxShare.
On mint, install Samba to mount that folder. Mount it on /mnt/LinuxShare.
When that works...
Identify the user running your Apache. You can start is and do ps -ef | grep httpd, it will show you the user. Or look in httpd.conf, directive User.
Configure the permissions on /mnt/LinuxShare so that the user identified in 3) can read files under that directory. You could use a group, or others permissions (for home it's ok, for corporate network, do not use others!).
When you have validated that the Apache user can read files under /mnt/LinuxShare
In your VirtualHost, add Alias /wwwpc /mnt/LinuxShare
Also add a <Directory /mnt/LinuxShare> section to allow reading that directory.
Restart Apache
on the laptop, put an HTML file (lets say SOMEPAGE.html) in C:\LinuxShare. Make sure you can see it on mint under /mnt/LinuxShare.
on mint, start a browser and try http://localhost/wwwpc/SOMEPAGE.html. You should see the page.
on the laptop, start a browser and try http://THE_IP_OF_THE_MINT/wwwpc/SOMEPAGE.html. Remember that Apache runs on mint, so on the laptop you cannot access it via localhost.
Running wordpress locally on a centOS 7 server running the latest apache, PHPmyadmin and mariadb-server.
IP/wordpress and IP/phpmyadmin on systems within the local network yields "403 forbidden" "you dont have permission to access (directory) on this server."
How can I fix this to allow the website to be seen on the public internet?
Could be a lot of things.
In your main Apache configuration file (e.g. /etc/httpd/conf/httpd.conf on Arch Linux), confirm your DocumentRoot path. The files you want to serve must reside there, or in sub-directories from there (If not, you might want to use an Alias to specify another path). Since you call IP/wordpress and IP/phpmyadmin, then you probably have directories called wordpress and phpmyadmin under your DocumentRoot path.
You also want to check the Directory groups in your Apache configuration file. Under those, the main culprit would be the Require directive set to all denied or something else too much restrictive like ip your_ip.
Finally, PHP can restrict path access with the open_basedir directive. Look for it in your php configuration file (e.g. /etc/php/php.ini on Arch Linux). If the line is commented, you're fine. But if a path is specified, your wordpress and phpmyadmin files must reside there.
Depending on your setup, any directive mentioned above could be in another Apache configuration file (e.g. /etc/httpd/conf/extra/* on Arch Linux).
Take a look at Apache and PHP online documentation for information about those directives.
Probably there is an issue with your directory privileges.
Use the follwing command to check it:
cd your_site_directory
ls -l
You can have a look to have a better understanding on directory privileges here.
As mentioned here apache runs under "apache" user.
Have a look at this post here to fix the issue.
All files should belong at least to apache group. To do it you can use
cd your_site_directory
chgrp -R apache ./*
I'm using Ubuntu 14 server from DO, with LAMP stack installed, i followed the instruction here to install flask on ubuntu because my main purpose was to use Flask on my website.
https://www.digitalocean.com/community/tutorials/how-to-deploy-a-flask-application-on-an-ubuntu-vps
During the test, when user connects to "http:/myvpsip/createfile/" which creates a new file on the current folder /var/www/, I got error from Apache saying that the file cannot be created, "permission denied".
I tried again using PHP script that create a new file on the same directory /var/www/ but got the same problem. Both of the trials were done using root account. I tried to chmod the www folder to 755 or 777 and they are not working.
My question is, how do I set permission for apache2 that when users browse the website they will be able to create/edit file on the current directory?
Thank you
This is because when you installed your application, you did so as the root user. All your application files and directories are owned by root.
If you ls -l on /var/www and look inside the FlaskApp folder structure, you will likely see permissions set like this:
-rw-r--r-- 1 root root
When Apache runs, it runs on behalf of a main process owned by the user root and several child processes owned by the user www-data. So essentially, Apache is running as if logged in as user www-data.
When your application needs to do a file or folder operation (its running on behalf of Apache www-data user), the public/world permission bits are used since Apache child processes are not running as root user and not as root group.
Looking above, we see that only the read bit is set for the public/world permissions - no write. And that is where the problem lies.
One way to solve this is to make everything under /var/www/mywebsite owned by the user root and the group www-data. This sets things up so that only the root user can have full permissions and www-data (everyone else) can only read and execute (no write).
When you setup your website, you should set it up to be under its own separate folder. This way you can have multiple virtual domains (i.e. more websites) added later on. Assuming 'mywebsite' is where your domain is and you have already installed your application software (Flask) within it:
cd /var/www/mywebsite
chown -R root:www-data /var/www
You then as the system administrator, need to understand the application and go through the folders and files setting permissions. Apply permissions generally, then on a case by case basis.
For most directories (750)
- Only root can rwx directory
- www-data can only read and execute directory
- no public/world bits set as it makes no sense (*)
For directories that can be changed by web application (770)
- Root can rwx directory
- www-data can rwx directory
- no public/world bits set as it makes no sense (*)
- for uploading files, creating images, documents, etc by the users of the site
For most files (640)
- Never set the execute bit to avoid execution of misplaced shell or executable files
- PHP, Perl, etc. are just text files. They have nothing to do with exec permission
- No group write bit set
- Read must be set for owner and group else they cant see the web document
For special case where files need to be changed (660)
- Set group write bit if you want www-data users to create things
(*) Because all users who visit Apache are running on behalf of www-data
I have installed apache2 server on Ubuntu 14.04. It is working well with the files and directories which i have created here after installation, but if i copy any file or folder from anywhere else (already written) then is gives Forbidden error message.
Thanks in advance.
For a file to be accessible by apache2, it should be owned by the user which runs the apache2 server. On most systems the user is www-data or httpd or apache. To find which user is that, just look into your apache2.conf or httpd.conf. Once you know the user, make it the owner of the copied files/folders or reiterate it for the whole /var/www//html folder.
sudo chown -R www-data:www-data /var/www/html
This should do it. But, if it doesn't, verify that the user has at least read and execute permissions on the folder (write also, if you need to write some data through your script).
I'm using a VPS for the first time and I'm wondering the best way to set up this server that makes sense and has as little effort with permissions setting as possible.
So I use /var/www (all files owned by www-data) for system-wide stuff like PostfixAdmin, phpMyAdmin, etc. For actual domains, they're in ~/www/. So my structure is like this:
~/
www/
domain1.com
domain2.com
logs/
domain1.com
domain2.com
The problem is, certain web apps like WordPress want many files to be writable, and the Apache user is www-data. I've found that even if I chgrp -R www-data .; chmod -R g+w . in a domain, WordPress still complains until the file is actually owned by www-data.
This server has no FTP and will allow me to SFTP in only via key, no passwords. I'm trying to keep this as secure as possible. But if I SFTP in, I'm creating files as myself, not www-data.
I'm looking for advice on how to set up this system so I can just drop in files, edit them, and all the permissions are what they need to be for Apache to have write permissions for whatever it needs to do.
Thanks!
Aha! Solution was to edit /etc/apache2/envvars and change these lines accordingly:
export APACHE_RUN_USER=myusername
export APACHE_RUN_GROUP=myusername
And to also chown /var/lock/apache2 to myself.