35

I know file permissions have been covered on here before, but I'm struggling to get my head around the concept for my scenario.

  • I created the files on an old Ubuntu installation.
  • I've copied the files into my new Ubuntu installation and put them in my webroot.
  • When I attempt to run the files (they're PHP files) I get an error relating to permissions.

In an attempt to fix this, I assumed that they must still be owned by the previous owner, so I ran chown -R on the directory, with my username as an argument, in order to take ownership of all of the files in the directory. It should be noted that the usernames between new and old Ubuntu installations were the same.

When I attempt to run the files again, same problem: 500 error due to permissions problems. Can anyone tell me what other steps I should take?

The webroot for my Apache installation is inside my home folder. If I create new files in my webroot, they also work as expected; it's only the old files that are causing the problem.

Lekensteyn
  • 174,277
richzilla
  • 12,045
  • Ok, I have solved my problem of the files not executing, but I did it by simply running chmod -R 777 dir on the directory in question. I can't help thinking there's a better way of doing it though – richzilla Feb 17 '11 at 18:47
  • 4
    777 permissions in a file will allow everybody to write your files which may result in damage to your pages or hacking. You should try with 755 which is normally used for php files. Make sure you don't require to enable the "allow execution" for a file, in which case you can run chmod [filename] -x. Information about the chmod command can be reached by clicking the next link: http://catcode.com/teachmod/chmod_cmd.html – Geppettvs D'Constanzo Feb 17 '11 at 19:38
  • What does the Apache error log show? – Kees Cook Feb 18 '11 at 06:44
  • I'm not sure that file permissions are copied when the file is, can someone confirm that? Otherwise, would it be possible to give the files to some other user (or root), and then reclaim them? – Tagger Feb 17 '11 at 18:27

4 Answers

45

If your server documents are in /home/$USER/public_html directory you need to run

sudo chown -R www-data:www-data /home/$USER/public_html

to give ownership of the DocumentRoot folder to the user www-data and group www-data.

Then you can add yourself to the group www-data

sudo adduser $USER www-data

Finally, you need to make the DocumentRoot folder writable by the owner (the www-data user) and by yourself (as part of the www-data group):

sudo chmod -R 775 /home/$USER/public_html

For convenience you can make a script named public_html_fix.sh with the content:

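#!/bin/bash

# Add the current user to the www-data group (takes effect at next login)
sudo adduser "$USER" www-data
# Give the DocumentRoot to www-data, then make it writable by owner and group
sudo chown -R www-data:www-data "/home/$USER/public_html"
sudo chmod -R 775 "/home/$USER/public_html"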

Save it inside /home/$USER/bin and make it executable using:

sudo chmod +x /home/$USER/bin/public_html_fix.sh

Then you call it whenever you need, from wherever on the file system you happen to find yourself like this:

public_html_fix.sh
Marko
  • 844
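
A narrower variant of the final chmod step in the answer above, added here as an example and not part of the original answer: it sets modes for directories and files separately and reports anything left world-writable, the condition the 777 comment under the question warns about. The function names and the modes 2775 and 664 are this example's assumptions.

```shell
#!/bin/sh
# Added example: set directory and file modes separately instead of one
# recursive chmod, then list whatever is still world-writable.
# Modes 2775/664 are this example's choice; they assume the files are PHP or
# static content read by Apache, not CGI scripts that must be executable.

# set_webroot_modes ROOT [GROUP]
# Directories: rwxrwsr-x (setgid, so new entries inherit the group).
# Files: rw-rw-r-- (no execute bit).
set_webroot_modes() {
    root=$1
    group=${2:-}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    if [ -n "$group" ]; then
        chgrp -R "$group" "$root" || return 1
    fi
    find "$root" -type d -exec chmod 2775 {} + &&
    find "$root" -type f -exec chmod 664 {} +
}

# Print everything under ROOT that "other" users may write to.
# Symlinks are skipped because their own mode is always 777.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Usage: sudo sh webroot_modes.sh /home/$USER/public_html www-data
if [ "$#" -gt 0 ]; then
    set_webroot_modes "$@" && world_writable "$1"
fi
```
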
15

The directories above your webroot should have the execute bit set to allow Apache to descend into the directories.

If you have your webroot located at /home/user/htdocs, the /, /home, /home/user and /home/user/htdocs should have the execute bit set.


The above solution "works", but it's not ideal. If you've created a folder, Apache cannot write to it. The reverse happens too.

This can be "fixed" by setting umask 0007 and adding yourself to the Apache group (www-data if I'm not mistaken), so that newly created files and folders are writeable by the group.

Alternatively, you can install an alternative Apache MPM: Apache2 MPM ITK (info on configuring) and adjust the configuration so Apache runs under your user.

Lekensteyn
  • 174,277
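
The execute-bit requirement described in the answer above can be checked per path component. The following is an added example, not part of the original answer; the function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: list the directories on the way to a webroot that lack the
# search (execute) bit for "other" users. Only the mode bits are read;
# group membership and ACLs are not taken into account.

# Print every component of an absolute path, from / down to the path itself.
path_components() {
    p=$1
    out=
    while [ "$p" != "/" ] && [ "$p" != "." ]; do
        out="$p
$out"
        p=$(dirname "$p")
    done
    printf '/\n%s' "$out"
}

# Print each blocking directory with its mode.
# Returns 0 if all components are traversable, 1 if not, 2 on a relative path.
blocked_components() {
    case $1 in (/*) ;; (*) echo "need an absolute path" >&2; return 2 ;; esac
    blocked=$(path_components "$1" | while IFS= read -r d; do
        [ -d "$d" ] || continue
        mode=$(stat -c '%a' "$d")          # GNU stat, e.g. 755 or 1777
        other=${mode#"${mode%?}"}          # last octal digit = "other" bits
        case $other in
            (1|3|5|7) ;;                   # execute bit present
            (*) printf '%s (mode %s)\n' "$d" "$mode" ;;
        esac
    done)
    [ -z "$blocked" ] && return 0
    printf '%s\n' "$blocked"
    return 1
}

# Usage: sh check_path.sh /home/user/htdocs
if [ "$#" -gt 0 ]; then
    blocked_components "$1"
fi
```

namei -l /home/user/htdocs from util-linux shows the same per-component modes together with owner and group.
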
1

Apart from chmoding files and editing apache .conf files, I want to say that nothing worked for me because my files were on a partition that I had auto-mounted via nautilus. This limits the partition for your user only.

To check if your files are visible by www-root or whatever user runs apache (run ps -aux | grep apache2 to check), run the following command:

sudo su -l www-data -s /bin/bash

and try to read a file from your document root.

If the file is not readable check that:

1) you have set all other file permissions

2) you have used FollowSymlinks in your .conf files if needed

3) you have set up DocumentRoot

4) mount your partition for all users. I had to edit /etc/fstab and specify my partition via its UUID:

UUID=afdee1d3-5bb8-4652-892f-e83a9b5ff72e /mnt/4tb      ext4    rw,nosuid,nodev,errors=remount-ro

Then unmount your partition via nautilus and do a sudo mount -a. If all goes well your files are now under /mnt. Update your symlinks and you're good to go.

alexg
  • 764
  • 7
  • 16
1

The best way I have found to always set this up is the way VirtualMin does it.

Create user and group "myhome".

Make the Apache user a member of group "myhome", not the other way around like some of the explanations here describe.

So now Apache has read and execute access to /home/myhome in addition to /home/myhome/www.

The "myhome" user has write access.

  • I like this concept, but it doesn't seem to be working for me. User www-data belongs to group myhome. All files and directories have group write permissions and belong to myhome:myhome. I restarted apache. Apache still can't write new files and folders. (PHP script using www-data:www-data user/group) – squarecandy Aug 05 '17 at 23:00