Linux / Apache Permissions

Question

LloydFarrell 0 Junior Poster

14 Years Ago

Hi, I am new to Linux and I have a wee problem i think this forum can help me with -

I have a script that uploads a users profile image successfully to a folder and successfully storing the image path to a mysql database.

The problem im having is when that user logs in, he / she is unable to view their profile image ??

I have been wrecking my head to why this is happening.

I have a dedicated server running CENTOS v5 Linux -

The above script works great when local via wampp -

through my script i an using mkdir("uploaded/$lastid", 0755);

the image uploads and the directory is created but I am unable to view any images ??

Any help or pointers to this would be muchly appreciated,

How can I create a group locally on the live server and add the local apache user to that group and set permissions that will enable members to view their profile image.

apache

2 Contributors
8 Replies
271 Views
1 Week Discussion Span
Latest Post 14 Years Ago Latest Post by rch1231

rch1231 169 Posting Shark

14 Years Ago

There are a couple of things that might cause it but my best advise is to go look a the apache logs and see what the error is when they log in. They are notmally kept in: var/log/httpd/<site name>-access_log and /var/log/httpd/<site name>-error_log

One other question is who owns the directory the file is posted to and what are it's permissions?

How does the user login? (ssh, php script, html, etc.)

rch1231 169 Posting Shark

14 Years Ago

Hello,

If you do a listing of the /var/www/html directory you will see something like

[root@srvr4 ~]# ls -la /var/www/html
total 44
drwxr-xr-x  7 root   root    4096 Jun 24 22:32 .
drwxr-xr-x  9 root   root    4096 Apr  4 16:22 ..
drwxr-xr-x  8 cherry apache  4096 May  5 19:41 cherryoak1.com
drwxr-xr-x  8 cherry apache  4096 May 24 02:58 cherryoak.com
drwxr-xr-x  9 cherry apache 12288 Apr 16 23:11 cherryoak.net
drwxr-xr-x 10 root   root    4096 Jun 24 22:32 txlinux.com
drwxrwx---  6 apache apache  4096 Jun 24 22:24 vegadns

The d at the front of the line tells you it is a directory.
The three sets of rwx are the permissions for Owner, Group and World.
For the directory cherryoak.com the owner is cherry and the group is apache.

Normally you will have a directory for each domain on the server like on my test server directory listing above and in that directory you put the index file and any download directories. In the listing below the "images" directory is where images are posted to and if you notice it has rwxrwxrwx or read, write and executer permissions for everyone.

[root@srvr4 ~]# ls -la /var/www/html/cherryoak.com
total 448
drwxr-xr-x 8 cherry apache   4096 May 24 02:58 .
drwxr-xr-x 7 root   root     4096 Jun 24 22:32 ..
drwxr-xr-x 5 cherry apache   4096 May 24 02:57 calendar
-rw-r--r-- 1 cherry apache  25014 May 24 03:02 categorieslist.php
-rw-r--r-- 1 cherry apache  10497 May 24 03:02 cherryoak.css
-rw-r--r-- 1 cherry apache    969 May 24 03:02 footer.php
-rw-r--r-- 1 cherry apache   4628 May 24 03:02 header.php
drwxrwxrwx 2 cherry apache   4096 May 24 02:57 images
-rw-r--r-- 1 cherry apache   3967 May 24 03:02 index.php
-rw-r--r-- 1 cherry apache   6531 May 24 03:02 inventory_image_name_bv.php
-rw-r--r-- 1 cherry apache  47656 May 24 03:02 inventorylist.php
-rw-r--r-- 1 cherry apache    204 May 24 03:02 userfn7.php

Check and see who the owner of the directory you are trying to post to is and what are the permissions really set to. I noticed in your command you had the post directory in /var/www/html instead of under a domain. May not make a diference. If you can post the directory listing here I should be able to help.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

LloydFarrell 0 Junior Poster · Answer 1 · 2010-06-20T16:51:11+00:00

I have uploaded a screen dump of how the permissions are set -

Any pointers would be very much appreciated -

LloydFarrell 0 Junior Poster · Answer 2 · 2010-06-20T20:36:38+00:00

Hi, thanks for your poniters about the error logs -

The script is built in php - and all users login via a php script that has session data included.

I am a bit confused with your question ? Who owns the directory the file is posted to ??

I am unsure how to answer your question ?

When a new member joins the website, a folder is created using the last_id from the database ie. members/uploaded/999/imagename.jpg

I have connected via ssh and set the following permissions I have read about -

chown -R apache.apache /var/www/html/uploaded
chmod 770 /var/www/html/uploaded
chmod -R g+rw /var/www/html/uploaded

My understanding of the above is setting the local apache user access to /uploaded and using the -R switch to propergate permissions to all folders in the directory /uploaded.

I would be greatful if you could reply with your thoughts on the above permission setting & I will have a look through the logs.

Many thanks
Lloyd

LloydFarrell 0 Junior Poster · Answer 3 · 2010-06-27T12:08:33+00:00

Hi Many thanks for replying -

You have give a great example that I can learn from,

Just one question before i post directory listing as you asked,

Does each member registering with the website require to be a member of a "group"

may be a daft question, but I am new to apache and im just grasping the idea of permissions -

rch1231 169 Posting Shark · Answer 4 · 2010-06-27T18:19:01+00:00

Since the httpd daemon is managing your web sites and running as the user apache (or on some systems nobody) then anything they do is created, written or run by the user apache. That user needs access to read and write to the directory in question. Hope that helps... It does not matter what name they use to connect via the web page they are still all just apache to the server when they come in via browser.

LloydFarrell 0 Junior Poster · Answer 5 · 2010-06-29T19:23:46+00:00

Hi thanks for replying and explaining in some more detail -

I have been going round in circles for days / weeks - In my register script i have the following code -

$dest = "../../images/uploaded/$lastid";          
$user_name = "ftpsiadmin";
mkdir("../../images/uploaded/$lastid",0777);
chown($dest, $user_name);

The problem im facing atm is - do i create a group and add the ftpsiadmin & apache users to the same group. If so ? how do i create a group ??

I have been trying to use addgroup groupname but I continualy get an error message saying "that command can not be found"

or can I just change the user_name in the above code to be "apache" -

I have been trying to edit the folder permissions with the following -
I am logging in with root access via SSH - and running the following commands

chown -R apache.apache /var/www/html/uploaded
chmod 770  /var/www/html/uploaded
chmod -R g+rw /var/www/html/uploaded

Do both chmod need to be the same ? as in my first piece of code and chmod my directores.

Any additional help would be great,

Many thanks

rch1231 169 Posting Shark · Answer 6 · 2010-07-03T18:05:46+00:00

chmod can be trick to figure out till somebody passes this on to you. Each character has a specific number value. r=4, w=2 and x=1. To set the permissions for rw-rw-rw you add 4+2+0, 4+2+0, 4+2+0 and get chmod 666 filename. To set rwxr-xr-x it would be 4+2+1, 4+0+1, 4+0+1 or chmod 755. SO chmod 770 sets it to rwxrwx--- so directory is read write execute for the owner and group but cannot be read or written to by eveyone else. The next step with the -R recursively changes the permissions on every file and directory below /var/www/html/uploaded. I am curious as to why you are creating individual users on the server. Look into .htaccess in apache and how you can use it to limit access to specific directories and files depending on the users connection via apache.