4

I've been stuck with this problem for a week now, browsing through various websites, I just can't seem to make this work.

I have Apache2 installed and a Wordpress website, located in a user's folder at /home/<user>/www.

Now the website works and all, but installing plugins from the webinterface (and anything else that requires write access - changing settings, uploading media, etc.) won't work, as wordpress (more like apache) doesn't have write access to those files.

the /home/<user>/www directory and everything beneath belongs to the user and the group <user>.

I've already tried multiple solutions, but none of them worked, including:

  1. Changing the owner of /home<user>/www to www-data:www-data. Alright - honestly, I didn't try this solution, as I don't want it. If you do this for all the users on the server, they will gain access to all folders, but they should only be able to access their home folder, not the others.

  2. Adding www-data to the user's group. I thought this might work, but apparently it doesn't. The www-data user is indeed in the user's group (checked with the id command), but it still doesn't seem to work.

  3. Setting an ACL on the user's home directory. Did that too and gave www-data rwx access to the home directory, and yet it still didn't help.

In case you're interested, the /home/<user>/ directory and all files/directories beneath have the 775 permission.

zx485
  • 2,426
Skrypt
  • 81
  • 1
  • 9
  • 1
    Solution 2 seems right. For groups to take affect a logoff/logon is required. I don't know if restarting the apache is enough here. – ukos Feb 05 '18 at 16:10
  • I've read that a login is required too, but I don't know how, as I don't know how to access the www-data user. It was automatically created by apache and I can't access it. Running /su www-data from my user's account requires a password which I don't know and running it from root tells me that the account is unavailable.

    I did restart apache though.

     – Skrypt Feb 05 '18 at 16:14
  • If sudo is available, have you tried sudo -u www-data command On my end it works perfectly. see https://pastebin.com/mFRQBrWR – ukos Feb 05 '18 at 16:28
  • Well, I used it and it still doesn't work.

    In your example, though, the directories are owned by www-data:www-data.

    I need my files to be owned by user1:user1 but accessible (rwx) by www-data.

    And the www-data user is part of user1's group. Changing the ownership of the wordpress website to www-data:www-data works, but that restricts the user to modify the files, if I don't add him to www-data. And if I do (and add a second user to that group too) they will be able to modify each other's files.

     – Skrypt Feb 05 '18 at 16:40
  • I checked it again. Only the files, I created in the above pastebin were owned by www-data:www-data. I created two dirs with $USER:$USER and $USER:www-data. Both are working. Check again, if you do not belive it. Please also paste the error. Otherwise we will not progress here. – ukos Feb 05 '18 at 16:45
  • Well, in wordpress, if I for example want to install a plugin, it asks me for FTP credentials. That should NOT happen - changing the ownership of all files to www-data:www-data (just for testing purposes) works and that message never occurs. It just appears with user:user, as www-data can't overwrite their files for some reason.

    Now, I went into the /wp-content directory inside the wordpress installation in order to show you that the www-data user can't access the files even though www-data is inside the user's "user" group.

    https://pastebin.com/DGYBwzLM

     – Skrypt Feb 05 '18 at 16:55
  • I do not see the same behavior here on my end.

    Anyway. You will need to give the wordpress plugin directory a www-data ownership anyway. Your users will not be able to mess with those directories as they are managed by www-data.

    Maybe you will find someone in chat to help you.

     – ukos Feb 05 '18 at 17:12
  • I see. Thanks anyways. I think I found out the reason why it doesn't want to work though - although I still don't have a solution. Wordpress only listens to USER permissions, it ignores the group permissions. Even after setting ownership to user:www-data to 775 (where user AND group should have full access) it didn't work. On the other hand, www-data:user worked - so it looks like wordpress/apache only checks for the user permissions. – Skrypt Feb 05 '18 at 17:22
  • Or your group is not yet in affect. – ukos Feb 05 '18 at 17:25
  • True. But how would I do that if I can't log in to www-data? I've googled that running id www-data groups www-data should be enough to take effect, or is that just for personal verification? – Skrypt Feb 05 '18 at 17:45

1 Answers1

4

Alright, so after continuing to struggle with it, I finally came across a solution that works for me.

Here is what I did: Let's say I had created a new user called dummy with his home folder located at /home/dummy and a folder dedicated for his web-presentation located at /home/dummy/www.

  1. Use sudo chgrp -R www-data /home/dummy/www to change the group of the www directory and all it's content to www-data (Apache's default user for web access.).
  2. Use sudo chmod -R g+wrxs /home/dummy/www to give the group www-data write,read and execute permission to the specified directory and it's content. The important thing here is the s part. This ensures that the group (www-data) takes over ownership over any file created inside the directory with the s parameter.

No need to add the user dummy to any groups at all.

Hope this helps if anyone encounters the same problem as me in the future.

EDIT: After some additional testing, this alone seems not to be enough. Apart from the two steps mentioned above, you also need to explicitly tell wordpress how to work with files by adding define('FS_METHOD', 'direct'); to the wordpress configuration file.

Also, for a more strict permission set-up, please see Step 5 in DigitalOcean's How To Install WordPress with LAMP on Ubuntu guide.

Skrypt
  • 81
  • 1
  • 9