How to avoid user/perms headaches on VPS web server? - apache

I'm using a VPS for the first time and I'm wondering the best way to set up this server that makes sense and has as little effort with permissions setting as possible.
So I use /var/www (all files owned by www-data) for system-wide stuff like PostfixAdmin, phpMyAdmin, etc. For actual domains, they're in ~/www/. So my structure is like this:
~/
    www/
        domain1.com
        domain2.com
    logs/
        domain1.com
        domain2.com
The problem is, certain web apps like WordPress want many files to be writable, and the Apache user is www-data. I've found that even if I chgrp -R www-data .; chmod -R g+w . in a domain, WordPress still complains until the file is actually owned by www-data.
This server has no FTP and will allow me to SFTP in only via key, no passwords. I'm trying to keep this as secure as possible. But if I SFTP in, I'm creating files as myself, not www-data.
I'm looking for advice on how to set up this system so I can just drop in files, edit them, and all the permissions are what they need to be for Apache to have write permissions for whatever it needs to do.
Thanks!

Aha! Solution was to edit /etc/apache2/envvars and change these lines accordingly:
export APACHE_RUN_USER=myusername
export APACHE_RUN_GROUP=myusername
And to also chown /var/lock/apache2 to myself.

Related

PHPmyadmin and Wordpress directories access denied

Running WordPress locally on a CentOS 7 server running the latest Apache, phpMyAdmin and mariadb-server.
IP/wordpress and IP/phpmyadmin on systems within the local network yields "403 forbidden" "you dont have permission to access (directory) on this server."
How can I fix this to allow the website to be seen on the public internet?
Could be a lot of things.
In your main Apache configuration file (e.g. /etc/httpd/conf/httpd.conf on Arch Linux), confirm your DocumentRoot path. The files you want to serve must reside there, or in sub-directories from there (if not, you might want to use an Alias to specify another path). Since you call IP/wordpress and IP/phpmyadmin, then you probably have directories called wordpress and phpmyadmin under your DocumentRoot path.
You also want to check the Directory groups in your Apache configuration file. Under those, the main culprit would be the Require directive set to all denied or something else too restrictive like ip your_ip.
Finally, PHP can restrict path access with the open_basedir directive. Look for it in your php configuration file (e.g. /etc/php/php.ini on Arch Linux). If the line is commented, you're fine. But if a path is specified, your wordpress and phpmyadmin files must reside there.
Depending on your setup, any directive mentioned above could be in another Apache configuration file (e.g. /etc/httpd/conf/extra/* on Arch Linux).
Take a look at Apache and PHP online documentation for information about those directives.
Probably there is an issue with your directory privileges.
Use the following command to check it:
cd your_site_directory
ls -l
You can have a look to have a better understanding on directory privileges here.
As mentioned here apache runs under "apache" user.
Have a look at this post here to fix the issue.
All files should belong at least to apache group. To do it you can use
cd your_site_directory
chgrp -R apache ./*

Is there any reason that the apache webroot /var/www/html is set as root-owned?

I just launched a LAMP droplet from Digital Ocean and am starting coding. When trying to create a new directory inside the web root it says
mkdir: cannot create directory ‘blog’: Permission denied
I can fix this by running chown -R user /var/www/html but I'm wondering if this will break things or if there's a better way of doing this. Thanks!
You have a variety of options on permissions, but essentially www-data needs read (and probably execute) permission.
I like to redefine the DocumentRoot in my VirtualHost definitions to use something other than /var/www/html, anyway.
For example, you could use /srv/www/sitename, and then assign permissions myuser:www-data to it.
There are also numerous threads on the DigitalOcean forums (and around the internet) about permissions schemes for web files. (e.g. Proper Permissions for Web Server Directory.)

Apache can't serve DocumentRoot : no execute permission error

I am trying to migrate a web application from a Slackware config of Apache to a CentOS 7 one. DocumentRoot set to /home/STORAGE and there is a simple index.html file in it for testing. Both /home/STORAGE and index.html have 777 permissions set, yet Apache reports :
access to /index.html denied ... because search permissions are missing on a component of the path.
On the other hand, phpMyAdmin works fine, configured with a separate .conf file in /etc/httpd/conf.d . I tried using their example to make a .conf file for my app, but it still reports the same error. I don't even know where to start looking here.
EDIT:
I think this has something to do with the user of Apache. It is set to a local user in httpd.conf not to root, but the only pages the server serves are those in directories owned by root.
It was not a permission error but an SELinux issue. I decided to use the default /var/www/html for the application but still had to allow write access to some dirs. Here is what I typed:
sudo chcon -t httpd_sys_rw_content_t /some/dir/in/var/www/html -R
The first time I typed it without -R and the permissions didn't change (check with ls -Z /dir/path). Now it is fine.
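The Apache message quoted in this question refers to the search (execute) bit on every directory above the file, so a 777 leaf does not help if a parent is closed. As an added example (not from the original post), this helper walks the parents and lists the ones "other" users cannot traverse; it assumes GNU stat and that the Apache user is neither owner nor group member of those directories, and it does not look at ACLs or at the SELinux labels the answer checks with ls -Z.

```shell
#!/bin/sh
# Added example: list parent directories of TARGET that lack the
# "other" search (x) bit. Assumes GNU stat (stat -c).
# Usage: missing_search TARGET [STOP_DIR]   (STOP_DIR defaults to /)
missing_search() {
    dir=$(dirname "$1")
    stop=${2:-/}
    while :; do
        mode=$(stat -c '%a' "$dir")
        # Last octal digit holds the permission bits for "other".
        last=${mode#"${mode%?}"}
        case $last in
            1|3|5|7) ;;                      # search bit set, component is fine
            *) printf '%s\n' "$dir" ;;       # traversal denied here
        esac
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
}

# Example call for the layout in the question:
#   missing_search /home/STORAGE/index.html
```

An empty result with the error still present points away from mode bits and toward ACLs or SELinux.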

permission Apache PHP public_html

I'm a newbie in web development, and I'm trying to make a website. So, my website works fine on the server but not on my own (Apache). My sources are in ~/public_html/. The problem is I don't have permissions on the sub/sub directory, I mean, when it's a directory, it works fine, when it's a directory in a directory, it doesn't (403 Forbidden). I didn't change my default Apache configuration except to include mysql and php.
All my directories have the same permissions. Maybe I need to configure something for that?
Thanks
I used this little script found at this link http://boomshadow.net/tech/fixes/fixperms-script/
Fixperms – for one single user
To use the fixperms script, simply log into your server as root, wget the file from our server, then run it. Type in the cPanel username and it will run only for that particular account.
It does not matter which directory you are in when you run fixperms. You can be in the user’s home directory, the server root, etc. The script will not affect anything outside of the particular user’s folder.
Should be done in SSH
root#example [~]# wget boomshadow.net/tools-utils/fixperms.sh
root#example [~]# sh ./fixperms.sh -a USER-NAME
Fixperms – for all of the users
If you would like fix the permissions for every user on your cPanel server, simply use the ‘-all’ option:
root#example [~]# wget boomshadow.net/tools-utils/fixperms.sh
root#example [~]# sh ./fixperms.sh -all

Local Development, Apache vs Developer - file permissions

I am interested in setting up a local php testing / development environment using the lamp stack.
I would like to use the php plugin for eclipse (I typically work with java and am very familiar with eclipse).
First of all, is it proper practice to develop my site locally directly within the apache /var/www directory?
If this is ok, can somebody describe how to properly set the permissions of the www directory so that eclipse (not being run as root) has access to read/modify php files within that directory?
This is strictly for local development so I assume security isn't as high of an issue.
It doesn't matter, I personally placed it in /var/www/ and put it under the www-data group, and placed my username into the www-data group.
You add yourself into the group with:
sudo usermod -a -G www-data <username>
Change the group to www-data just in case you haven't:
sudo chgrp -R www-data /var/www
Get new files to inherit the permissions (750)
sudo chmod -R 2750 /var/www
Some people prefer to put it in /home/username/www/ which would be easier.
If you prefer to put it somewhere else, like your Eclipse workspace directory, you can change Apache's DocumentRoot (or create a VirtualHost with a different DocumentRoot). Edit Apache's httpd.conf file, and add this at the end:
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName mytestserver.localhost
    DocumentRoot /path/to/project/dir
</VirtualHost>
The *s can be left as-is; that means they will work regardless of your IP address.
The ServerName can be anything you want, as long as you add a corresponding entry in your /etc/hosts file, e.g.:
127.0.0.1 mytestserver.localhost
I often make all my local servers end in ".localhost", just as a convention.
Finally, restart Apache. Then you can access the server at http://mytestserver.localhost. Repeat as necessary to use multiple virtual hosts, each pointing to a different project.
As long as the files can be read by everyone, which is usually the default, you should be fine.
It's definitely possible to work on your site directly in your server's /var/www/ directory. However, it's probably better practice to set up a local environment (using something like XAMPP) to edit your website on a development machine and then upload it to your live server when it's ready. That way you don't introduce any bugs or errors into the live site temporarily.
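Several answers above share a docroot between a login user and the web server group (myuser:www-data on /srv/www/sitename, setgid 2750 on /var/www). As an added example, not code from any of the posts, the functions below apply that layout with separate modes for directories and files, open group write only on named subdirectories, and audit for drift; the wp-content/uploads argument in the usage comment is a sample value.

```shell
#!/bin/sh
# Added example, not from the thread. Files stay owned by the deploying
# user; the web server reaches them only through its group.

# share_docroot ROOT GROUP [WRITABLE_SUBDIR...]
share_docroot() {
    root=$1; group=$2; shift 2
    chgrp -R "$group" "$root"
    # Directories: setgid so new entries inherit GROUP; group may list and enter.
    find "$root" -type d -exec chmod 2750 {} +
    # Files: group read only, no execute bit, nothing for "other".
    find "$root" -type f -exec chmod 0640 {} +
    # Only the named subdirectories (relative to ROOT) become group-writable.
    for rel in "$@"; do
        find "$root/$rel" -type d -exec chmod 2770 {} +
        find "$root/$rel" -type f -exec chmod 0660 {} +
    done
}

# audit_docroot ROOT GROUP: print entries that drift from the layout
# (any permission bit granted to "other", or a different group).
audit_docroot() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 -o ! -group "$2" \) -print
}

# Example (run as root or as the owning user who is a member of the group):
#   share_docroot /srv/www/sitename www-data wp-content/uploads
#   audit_docroot /srv/www/sitename www-data
```

The setgid bit only carries the group to new files; their mode still comes from the umask of the process that creates them, so rerun the audit after uploading over SFTP.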