Member Avatar for NardCake

Hello! So I've always had trouble with permissions/directory ownership and I can't figure this out...
I have my apache directory in my home directory (/home/apott/www). I can edit files over FTP and such which is fantastic but I apache doesn't have permission to access the files... I can give it permission but it seems to only work for what's in the directory at that time, and once I add something new, it doesn't have permission.

So I need the ultimate solution... (I didn't mean to make that sound uhh... just nvm xD)

  1. I need to be able to edit files in this directory.
  2. Apache needs to be able to access all the files.
  3. My CGI applications need to be able to access some files. (this isn't VERY important as I can place files elsewhere I suppose...)

I apologize for my lack of knowlege in this department but any help is very much appreciated!
Thanks!

  • 3 Contributors
  • 7 Replies
  • 201 Views
  • 9 Hours Discussion Span
  • Latest Post Latest Post by NardCake
Member Avatar for onsponge

heyhey not too sure about this, but have you tried changing the ownership of the directory recursively?

chown -R apott:www-data

perhaps?
sorry not much of a help =x

Edited by onsponge
Member Avatar for cereal

If this is not a production server, but only for testing, you can add your user to www-data group:

usermod -a -G www-data apott

If in this server there's another user added to the same www-data group he would have the ability to read or rewrite your code. The same happens with onsponge suggestion. I tend to use this approach when testing, but only because I'm using my box. So be careful with this solution.

In production context you should create a user and a group for each website, for example website123, or in your case apott, and then add the www-data user to the website group. That way the website user cannot access to the other websites scripts, but Apache can because is member of each group:

usermod -a -G website123 www-data

Regarding your CGI scripts you could use SuexecUserGroup:

or just follow the previous suggestions. Please, correct me if I'm wrong.

Member Avatar for NardCake

Okay guys, thanks for the help but I'm still having issues...
Okay cereal, this is what I have done: (This is production)
groupadd apott-site
usermod -a -G apott-site www-data
usermod -a -G apott-site apott

mkdir www
chgrp apott-site www

Apache still can't access files -.-
Thanks for any help though!

Edited by NardCake
Member Avatar for cereal

If the ftp user is not apott then add it to the apott-site group. That should fix the problem.

Edited by cereal
Member Avatar for NardCake

Maybe this isn't even the best setup for production?
I just want a good way to setup apache for production.

Member Avatar for NardCake

The ftp is working fine, I'm saying Apache is getting a 403 error cause it can't access the files.

Member Avatar for NardCake

I have to change the permissions everytime I add a file, is this really necessary?
Oops, sorry for triple post.
Thanks!

Edited by NardCake
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.