Folder permissions for web folders

Whether you are using Linux on the desktop or as a server, it's still good that you're using Linux. Linux related questions go here.

Moderator: General Moderators

Post Reply
impulse()
Forum Regular
Posts: 748
Joined: Wed Aug 09, 2006 8:36 am
Location: Staffordshire, UK
Contact:

Folder permissions for web folders

Post by impulse() »

I'm struggling to see what permissions and groups and owners I should be settings on folders that are accessed by Apache. 777'ing the folders sometimes solves the problem and sometimes the problem is unsolvable. Any help appreciated.

Regards,
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

What userid does apache run under?
impulse()
Forum Regular
Posts: 748
Joined: Wed Aug 09, 2006 8:36 am
Location: Staffordshire, UK
Contact:

Post by impulse() »

I've been trying to find out. I've ran 'top' but the process doesn't show and I'm not sure how to search for processes in top. And running 'ps ax' doesn't show what user is running the process. Can you advise how to find out?
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

impulse() wrote:I've been trying to find out. I've ran 'top' but the process doesn't show and I'm not sure how to search for processes in top. And running 'ps ax' doesn't show what user is running the process. Can you advise how to find out?
Look for "httpd".

EDIT | It's in your httpd.conf (or apache2.conf or whatever your main conf file is) too. The "User" directive.
impulse()
Forum Regular
Posts: 748
Joined: Wed Aug 09, 2006 8:36 am
Location: Staffordshire, UK
Contact:

Post by impulse() »

So I should run 'chown <folder> apache' on all web folders?
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

impulse() wrote:So I should run 'chown <folder> apache' on all web folders?
Apache runs with two credentials. The first is the UserId itself, the second is the GroupId. Directory permissions have privileges set for "user", "group" and "other". You can:

1. Do as you have been doing and 777 them which sets full permissions on user, group and world.
2. chown them to the apache user directly, (but as a result you'll lose the ability to delete the directory yourself!)
3. chgrp them the the apache group directly, then chmod 774 so both yourself, and anyone in the apache group (i.e. apache) have full permissions but nobody else does.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

A bit after-the-fact, but an easy way to find out what user the webserver runs as is this:

Code: Select all

<?PHP
`whoami`;
?>
I usually set my web files as owned by myself - both as user & group, & give the server & world read privileges. Any particular folders or files that the server needs to modify, I then deal with on a case by case basis. I don't like to give the webserver's user carte blanche with any files.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
impulse()
Forum Regular
Posts: 748
Joined: Wed Aug 09, 2006 8:36 am
Location: Staffordshire, UK
Contact:

Post by impulse() »

I've just changed the permissions of /var/www/usage to the following:

-rwxrwxrwx 1 apache apache 2727 May 7 23:23 ctry_usage_200705.png
-rwxrwxrwx 1 apache apache 2720 May 7 23:23 daily_usage_200705.png
-rwxrwxrwx 1 apache apache 1803 May 7 23:23 hourly_usage_200705.png
-rwxrwxrwx 1 apache apache 3783 May 7 23:23 index.html
-rwxrwxrwx 1 apache apache 1478 Jul 13 2006 msfree.png
-rwxrwxrwx 1 apache apache 70362 May 7 23:23 usage_200705.html
-rwxrwxrwx 1 apache apache 2330 May 7 23:23 usage.png
-rwxrwxrwx 1 apache apache 1253 Jul 13 2006 webalizer.png

But still I'm getting forbidden when trying to access these.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

Check the containing folder
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
impulse()
Forum Regular
Posts: 748
Joined: Wed Aug 09, 2006 8:36 am
Location: Staffordshire, UK
Contact:

Post by impulse() »

I'm not sure what went wrong, the permissions of the file and all containing folders were set to 777 and I was getting a forbidden error. I deleted the files and uploaded them to the server from a basic user via FTP and then changed the ownership of the folder the the FTP user and moved the files from the home directory to the web folder in bash with the FTP user I had used and it all worked OK.
I'm not an expert on groups, owners & permissions so I can't identify what the exact problem was.
Post Reply