Folder permissions for web folders
Moderator: General Moderators
-
impulse()
- Forum Regular
- Posts: 748
- Joined: Wed Aug 09, 2006 8:36 am
- Location: Staffordshire, UK
- Contact:
Folder permissions for web folders
I'm struggling to see what permissions and groups and owners I should be settings on folders that are accessed by Apache. 777'ing the folders sometimes solves the problem and sometimes the problem is unsolvable. Any help appreciated.
Regards,
Regards,
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Look for "httpd".impulse() wrote:I've been trying to find out. I've ran 'top' but the process doesn't show and I'm not sure how to search for processes in top. And running 'ps ax' doesn't show what user is running the process. Can you advise how to find out?
EDIT | It's in your httpd.conf (or apache2.conf or whatever your main conf file is) too. The "User" directive.
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Apache runs with two credentials. The first is the UserId itself, the second is the GroupId. Directory permissions have privileges set for "user", "group" and "other". You can:impulse() wrote:So I should run 'chown <folder> apache' on all web folders?
1. Do as you have been doing and 777 them which sets full permissions on user, group and world.
2. chown them to the apache user directly, (but as a result you'll lose the ability to delete the directory yourself!)
3. chgrp them the the apache group directly, then chmod 774 so both yourself, and anyone in the apache group (i.e. apache) have full permissions but nobody else does.
A bit after-the-fact, but an easy way to find out what user the webserver runs as is this:
I usually set my web files as owned by myself - both as user & group, & give the server & world read privileges. Any particular folders or files that the server needs to modify, I then deal with on a case by case basis. I don't like to give the webserver's user carte blanche with any files.
Code: Select all
<?PHP
`whoami`;
?>Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
-
impulse()
- Forum Regular
- Posts: 748
- Joined: Wed Aug 09, 2006 8:36 am
- Location: Staffordshire, UK
- Contact:
I've just changed the permissions of /var/www/usage to the following:
-rwxrwxrwx 1 apache apache 2727 May 7 23:23 ctry_usage_200705.png
-rwxrwxrwx 1 apache apache 2720 May 7 23:23 daily_usage_200705.png
-rwxrwxrwx 1 apache apache 1803 May 7 23:23 hourly_usage_200705.png
-rwxrwxrwx 1 apache apache 3783 May 7 23:23 index.html
-rwxrwxrwx 1 apache apache 1478 Jul 13 2006 msfree.png
-rwxrwxrwx 1 apache apache 70362 May 7 23:23 usage_200705.html
-rwxrwxrwx 1 apache apache 2330 May 7 23:23 usage.png
-rwxrwxrwx 1 apache apache 1253 Jul 13 2006 webalizer.png
But still I'm getting forbidden when trying to access these.
-rwxrwxrwx 1 apache apache 2727 May 7 23:23 ctry_usage_200705.png
-rwxrwxrwx 1 apache apache 2720 May 7 23:23 daily_usage_200705.png
-rwxrwxrwx 1 apache apache 1803 May 7 23:23 hourly_usage_200705.png
-rwxrwxrwx 1 apache apache 3783 May 7 23:23 index.html
-rwxrwxrwx 1 apache apache 1478 Jul 13 2006 msfree.png
-rwxrwxrwx 1 apache apache 70362 May 7 23:23 usage_200705.html
-rwxrwxrwx 1 apache apache 2330 May 7 23:23 usage.png
-rwxrwxrwx 1 apache apache 1253 Jul 13 2006 webalizer.png
But still I'm getting forbidden when trying to access these.
-
impulse()
- Forum Regular
- Posts: 748
- Joined: Wed Aug 09, 2006 8:36 am
- Location: Staffordshire, UK
- Contact:
I'm not sure what went wrong, the permissions of the file and all containing folders were set to 777 and I was getting a forbidden error. I deleted the files and uploaded them to the server from a basic user via FTP and then changed the ownership of the folder the the FTP user and moved the files from the home directory to the web folder in bash with the FTP user I had used and it all worked OK.
I'm not an expert on groups, owners & permissions so I can't identify what the exact problem was.
I'm not an expert on groups, owners & permissions so I can't identify what the exact problem was.