Ubuntu Servers :: Group Permission On Dir And Files For Apache
Mar 5, 2011
Me and 2 others are working on a website (Bob, Mike, and Joe). We made a group called developers and each of us are in the developers group. The Apache server runs as www-data. When we upload files, the file owner is the users name and the group is "developers".
/etc/group has the following
Code:
www-data:x:33:
bob:x:1000:
mike:x:1001:
[Code]....
I have always just set everything to 775 and just called it good. Well I don't want to wake up to a Russian political message plastered all over the site. It's time I do things properly.
I have an apache installation with /var/www/bob as the document root and the only site served up. I have bob as the directory's owner, and he is able to upload his files to that folder via ftp (vsftpd on the server). When a browser tries to access the pages, it simply gets a 403 forbidden. The problem occurs when apache2 tries to access the files bob uploads. The www-data user (Apache daemon) gets permission denied when I try to cat bob's files in the shell, so it's purely a permissions issue. What I can't figure out is how to give the Apache daemon the ability to read bob's files while also making certain it does not have the ability to modify any of them.
I recently started using SVN with Apache for my web development, although I find it really annoying that I have to issue two SVN commands (one local, one remote) to update my web site. I have been looking into SVN post-commit hooks to solve this problem. The only problem is that apache does not have permission to modify files in my user directory... So here is how everything is setup. I am running Slackware 13 full install. There have been no installations overriding any of the default installs.
i use virtual hosts to develop several web applications. These are located in my home folder under /home/user/projects/project After a fresh installation, i always get a 403 forbidden error. After googling and reading on this forum, several solutions are mentioned for this problem. But i can hardly believe putting using a chmod 755 on my home folder is a correct solution. What is the correct way of doing things in this situation?
I just set up an VPS with ubuntu. I made a user1 and gave it ownership
Code: chown -R user1 /home/www
This user also have been given all the root privileges (I know it is not recommended!)
The problem is that each time I make new site, and user1 wants to upload (through ftp) files to /home/www/newsite I need to redo the the above command in order to be enable user1 to upload. Not only this, I need to rework permissions (744 for folders and 644 for files), otherwise the newsite throws permission errors message.
i want secondary users can able to change the files permissions of primary group?user MAC is having www as a primary and httpd as secondary group. But he want to change the file permissions (chmod) httpd group files. Is it possible or not? I think its not possible. If it`s possible then let me know how?
On an Apache2 server someone else setup, I have a folder with drwx--x--x permission and the php file can still write in the folder. But on my own setup, I need to set the same folder to drwx--x-wx. Inside the folder, I have a index.php that runs just by setting rwx--x--x but on my own setup, I need to allow read permission for others/group before it can run: rwxr-xr-x (or else I get a blank page). I tried changing the folder and files to root but it's the same.
I have set up a very basic apache server to host my own website (have not set up sql or database or php yet) and I am trying to find out how to fpt or copy my website. I am creating the site in windows and need to know how to transfer it to the server, preferably into the /var/www folder directly.
Code: include virtual="test.txt" I have tried following the advice in this thread http://ubuntuforums.org/showthread.php?t=1510098 but it makes no difference. The file is there, but the line is delivered to the browser as-is. Using Lucid and a new install of apache 2.2 from the repository.
My apache ignores index files (index.php ,index.html ,index.htm , ...) and while these files exists in directory apache lists directory content!I mean http://localhost/test/ lists directory content instead of showing index.php!
I've got a problem with groups on linux (slackware). I'm trying to ssh from one computer into another to do some work, but I'm running into permission issues.
If I do the work locally as a user If I do the work with ssh as root If I do the work with ssh as a user ;(
Both computers are mine. (By locally, I mean physically sitting by that computer logging in the normal way.) When I log in locally as a regular user I'm a member of the following groups: 'users floppy audio video cdrom' But when I ssh into the same computer, being the same user, I'm only a member of the group: 'users'
Q1. What gives? Where/How can I change this?
Q2. Also, where do linux/slackware store the group information? According to /etc/group I'm only member of 'users'. Where does it keep the info that I belong to 'users floppy audio video cdrom'?
I would like to change the permissions for a directory and all files inside the directory how do I do this? The website is located only on my local network so I am not worried about security. Also what would be the optimal permissions for running wordpress.
I'm using ubuntu 11.04, I'm having some problem of ownership while sharing folder/files. to share i change the folder share option:1. Share this folder, then followed by 2.allow others to create and delete files in this folder3. guest access.Now if someone in my local network edit any file and save it, it gets locked. if some one copy their file in this folder the permission is marked as "no group" "no owner". and they get unaccessible to me. i tried doing chown <user> <folder> but it says Operation not permitted. Now how i can possibly share my folder on local network so that they can be edited by others without getting locked down , if they copy files i can able to modify them.
I've installed slax6 onto an ext3 partition and setup a users account, i've also just managed to mount some virtualbox shared folders which are working and i can access them fine. The problem is I cannot seem to give limited user accounts access to them. root can access them no problem! but right clicking and changing the permissions do nothing, because once I click apply, reopen the menu, the changes have reverted. I've tried chmod'ing them.. chmod o=rwx /mnt/folder I used 'o' because I can't seem to change the group permission for the folder. The shared folder I am mounting is formatted in NTFS and the other in ext3, I can't change the permissions of either.
How would i write a command that can find all the objects under the etc directory that have group write permission enabled and have not been accessed in the last X days. This is what i got from internet souce but i m not able to modify it according to my distribution. find /etc -perm -0070 -a -mtime +X ! -type l?print Here is the exact statement from link i m referring to.
I'm having an odd problem (although I'm probably missing something obvious to a non-semi-newbie):I have a directory used for samba shares which is owned by user fred, a system user which the windows clients on my network authenticate with to access the shares. I, roger, want to access the directories without having to put my 'sudo boots' on every time, so I made the directory group users and added roger to that group, and changed the file/folder modes from 0755 to 0775.However I still do not have write permissions inside the directory; I still seem to be considered 'other' and hence only have read and execute.
Well, this is a problem that keeps on coming, and I never found a solution: Maybe it is just me misunderstanding how it should work, but:
1) do you confirm that, as a member of the group "fuse", I should be able to read the file? 2) of course, I could change the permission of the file, or read it as sudo, but sometimes this is not possible. how to achieve it then?
I have a file the owner is root:root ( mode is 644 ), I want to release read & write permission to a non root user ( eg. admin_usr ), I tried to create a specific group ( eg. ADM ) and release it to root user and admin_usr ( by adding this users to ADM in /etc/group ) , but it is not work, if preserve the file mode to 644 , is it ok? how to do it if I want to have read & write permission in my case ?
i want to set permission type "write" on a file to a particular user in a group of users ( not all users in that group). chown is changing a user to root , but i want to set say permission of "write" only to a user 1 in group staff which contains 10 users 1 , user 2 ...user 10.
With F11 installed Apache is having permissions issues reading files out of the html directory. Only wants to work with permissions set to read for other. [Thu Jun 11 23:25:28 2009] [error] [client 127.0.0.1] (13)Permission denied: file permissions deny server access: /var/www/html/index.html Tracked down the permissions issue. Is there a good reason not to change the group to apache and remove world read?
I've got an apache-svn server up and running fine but I'm struggling with an irritating problem. I need the apache server to display .vbs, .cs., vb., .sh, .pl., .c, .h, .cpp, etc, etc files in the browser. Whenever our users click on a script they get a download dialog instead of the script being displayed in the browser as plain/text. I have added:
Code: AddType text/plain .vbs Into /etc/apache2/mods-enabled/mime.conf but it seems to be getting ignored. how I can tell apache to treat script files as plain-text?
I am installing Big Brother on a CentOS 5.2 running the default Apache 2.2.3. When I try to access any web page I get the following error: Forbidden You don't have permission to access /bb/ on this server. Apache/2.2.3 (CentOS) Server at fmsubbnix Port 80 So far I have:
1) Set the Directory options to FollowSymLinks 2) Verified all directory and file permissions are at 755 3) Set permissions temporarily to 777 and received same error so I am assuming the issue is in a config file somewhere 4) in hhtpd.conf verified <Files ~ "^.ht"> is correct 5) verified the "default" directory is correct (/var/www/html)
I have read and tried several ideas in posts listed on the web but to no avail and am at a loss as to what to look for next..
I'm trying to do something like thisi created a group called www and made this group the owner of the directory/var/www/htmlso i can read and write to it.of course I've add my self to this group, but it seems i can't read and write.the syntax i used was something like chown :www /var/www/html.didn't workonly when i used chown samurai:www /var/www/html i could finally could create new file.the reason i don't want to specify the user name is because I'm thinking of a scenario when i need to give permission to a large group of ppl and don't want to do it user by user.
I am trying to setup my webserver and I am trying to make a website to run under suexec but somehow I cannot start my apache it directly fails and SELinux is giving me errors and don't really know what to do with it, it is giving me some command to type but not sure if this will make my server less secure. The SELinux error is as follow:
Code: Summary: SELinux prevented httpd reading and writing access to http files.
Detailed Description: SELinux prevented httpd reading and writing access to http files. Ordinarily httpd is allowed full access to all files labeled with http file context. This machine has a tightened security policy with the httpd_unified turned off, this requires explicit labeling of all files. If a file is a cgi script it needs to be labeled with httpd_TYPE_script_exec_t in order to be executed. If it is read-only content, it needs to be labeled httpd_TYPE_content_t, it is writable content. it needs to be labeled httpd_TYPE_script_rw_t or httpd_TYPE_script_ra_t. You can use the chcon command to change these contexts. Please refer to the man page "man httpd_selinux" or FAQ [URL] "TYPE" refers to one of "sys", "user" or "staff" or potentially other script types.
Allowing Access: Changing the "httpd_unified" boolean to true will allow this access: "setsebool -P httpd_unified=1"
Fix Command: setsebool -P httpd_unified=1
I will write down how I did setup my server so maybe you can see a mistake I did. First I changed my Apache httpd.conf I added the following to it: Code: NameVirtualHost 192.168.1.2:80 <VirtualHost 192.168.1.2:80> ServerName localhost DocumentRoot /var/www/html DirectoryIndex index.html index.html index.shtml index.php </VirtualHost>
Then I created the username "ulyaoth" with the group "ulyaoth" as I specified with my suexec, then I created all the directories as specified in my httpd.conf and "chown ulyaoth:ulyaoth (dirname)" them to the right group and username.
What would be the effect of setting ProFTPd's user and group to the same user and group that Apache use? Are there any security risks in doing this, or is this safe to do?
