Read almost all questions here, but no solution found. This drives me crazy already to do such simple stuff to run PHP on my localhost...
You don't have permission to access this resource.Server unable to
read htaccess file, denying access to be safe
ls -l
-rwxrwxrwx 1 user user 51 sep 27 14:42 .htaccess
ls -l
drwxrwxr-x 2 user user 4096 sep 27 15:17 www
Any help appreciated!
Check if there is an .htaccess file inside the www folder (and its permissions), since Apache looks for one at every directory up to the one where the requested file exists.
I'm coming from an Apache on Windows server background, but in regards to the .htaccess file, you can also put a "AllowOverride None" in your section of your httpd.conf file. At least in Windows, this means nothing can be overridden, therefore no need to look for .htaccess files.
You can also add a line to tell Apache that the "AccessFileName" is blank. Here are the entried I'm speaking of from my config file. I'm running a XAMPP server on Windows.
DocumentRoot "C:/xampp/htdocs"
<Directory "C:/xampp/htdocs">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride None
Require all granted
</Directory>
AccessFileName ""
Related
I have a very strange permission problem with my Apache. Let's me explain what happened. We bought AWS EC2 instance and installed there AMI Centos 7 with Webmin image. Our Root path is /home/centos/public_html but unfortunately, we got information on the web 'You don't have permission to access / on this server'. Of course, I change access to the folder and all files, even on 777 and owner 'centos' user. Apache user is part of centos group. When I checked log file I got
[core:error] [pid 3872] (13)Permission denied: [client X.X.X.X:60088] AH00035:
access to / denied (filesystem path '/home/centos/public_html')
because search permissions are missing on a component of the path
On the public_html folder, we have default index.php to show us configuration of PHP and is not working.
<?php
phpinfo();
?>
Our http.conf looks like that:
User apache
Group apache
<VirtualHost *:80>
DocumentRoot /home/centos/public_html
ServerName our_domain
ServerAlias *.our_domain
<Directory /home/centos/public_html>
Options Indexes FollowSymLinks
DirectoryIndex index.php index.html welcome.php
allow from all
AllowOverride All
Require all granted
AddType application/x-httpd-php .php
</Directory>
</VirtualHost>
Following this suggestion Apache - Permissions are missing on a component of the path
I had run command:
sudo chcon -R --type=httpd_sys_rw_content_t /home/centos/public_html/
and nothing, any ideas, thank you in advance for any suggestions.
I have installed Apache version 2.4.29-1 in Manjaro Linux. The document root is /srv/http where apache properly displays files. But I don't like the idea of coding into the root user's directory of my system, so I want to keep the code in /home/aditya/Prog/PHP
I have set apache to access the directory by adding following lines into /etc/httpd/conf/httpd.conf
<Directory /home/aditya/Prog/PHP>
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Require all granted
Allow from all
</Directory>
Also, I have added a link to this directory in /srv/http
sudo ln -s /home/aditya/Prog/PHP/ PHP #in /srv/http
But when I try to access localhost/PHP, I get
Access forbidden!
You don't have permission to access the requested object. It is either read-protected or not readable by the server.
If you think this is a server error, please contact the webmaster.
Error 403
localhost
Apache/2.4.29 (Unix) PHP/7.2.3
The permissions of /home/aditya/Prog/PHP and the test file inside are
drwxrwxrwx PHP
-rwxrwxrwx test.php
What else do I need to do?
You also need to change the DocumentRoot setting in your httpd.conf file.
Look for DocumentRoot and set the path to /your/path/to/project.
Apache2 site specific config files are kept in /etc/apache2/sites-available/. If you only want to apply config settings for a specific site.
I am using Fedora 24 on VirtualBox to host a small PHP web app. I am trying to append text into a file that is in the same local directory as the PHP file (/var/www/html/). No matter what kind of permissions or ownerships I try to set onto the directory (html/) or the file I constantly get "Permission denied in /var/www/html/pdf.php on line 21" errors.
Is there any configuration settings in my php.ini file that I need to enable to allow editing of files? I've even tried setting the directory and file to chmod 777 just to see if it would give me access but even that is being rejected.
EDIT: I have also tried creating directories and files in other locations with the same results. I tried to have Apache run the mkdir and touch commands with the same results.
EDIT 2: At the request of the comment left to my initial question. Here is the ownership information for the target directory:
ls -l /var/www/html/
drwxrwxr-x. 2 apache apache 4096 Nov 23 21:28 docs
The ownership information for the file:
-rwxrwxr-x. 1 apache apache 1381 Nov 28 17:47 pdf.php
Try assigning to www-data:nobody
chown -R www-data:nobody *, check apache group on your httpd.conf.
Verify /var/html perms to 775 at least.
Spent a lot of time looking for this answer but it's all in bits and pieces and no one every posts a solution (well most of the time) so here is my solution and it's used on various web control panels as well.
install and use MOD_RUID2
Install PHP with CLI (this is standard on newer versions)
In your HTTPD.CONF file in the virtual hosts, you'll add the following, replacing username with the user's login name, and usergroup with the user's group (These are usually the same)
<IfModule !mod_ruid2.c>
SuexecUserGroup username usergroup
</IfModule>
<IfModule mod_ruid2.c>
RMode config
RUidGid username usergroup
RGroups #none
</IfModule>
An example of a Virtual host conf is:
<VirtualHost *:443>
DocumentRoot "/home/imtheuser/public_html"
ServerName imtheuser.com
<IfModule !mod_ruid2.c>
SuexecUserGroup imtheuser imtheuser
</IfModule>
<IfModule mod_ruid2.c>
RMode config
RUidGid imtheuser imtheuser
RGroups #none
</IfModule>
<Directory "/home/imtheuser/public_html">
allow from all
Options None
Require all granted
</Directory>
</VirtualHost>
This will allow apache/php to write to a directory owned by the user. It's much safer then setting your chmod to 0777.
I'm having some issues with permissions when it comes to symbolic links on my apache2 webserver. I originally had a data/ in /var/www , but was it getting too large for the directory and I kept getting a partition full warning. I'd like to move the data/ folder to /home/processor/Documents/sandbox/www_data/
I moved all the data to www_data and created a symbolic link in /var/www
ln -s /home/processor/Documents/sandbox/www_data data
Checking the link:
:/var/www$ ls -l data
lrwxrwxrwx 1 processor processor 43 Mar 16 17:03 data -> /home/processor/Documents/sandbox/www_data/
An example of the data shows that all permissions seem reasonable to me:
:/var/www$ ls -l data/2/15/2015/8/25/10/54/wf/2_15_2015_8_25_10_54_11*
-rwxrwxrwx 1 processor processor 475643 Mar 16 16:58 data/2/15/2015/8/25/10/54/wf/2_15_2015_8_25_10_54_11.png
-rwxrwxrwx 1 processor processor 53539 Mar 16 16:58 data/2/15/2015/8/25/10/54/wf/2_15_2015_8_25_10_54_11_thumb.png
This is whats in between the <VirtualHost *:80> </VirtualHost> in my /etc/apache2/sites-available/000-default.conf:
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options FollowSymLinks Indexes MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
But when trying too access it from the site I get "Forbidden You don't have permission to access /data/2/15/2015/8/25/9/46/wf/2_15_2015_8_25_9_46_28.png on this server."
I've read through a bunch of threads and have chown www-data:www-data, I've chmod -R 777 everything, and changed my 000-default.conf to numerous varieties of the same thing, but nothing is working. I don't know where to go from here.
Any suggestions would be greatly appreciated.
Thanks
It has to do with the permissions of /home/processor. The entire path needs a certain degree of privileges and the home directory did not have them. The only thing that needed to be done was to allow access to read and execute
sudo chmod 755 /home/processor/
I'm configuring a multidomain web server using Apache virtual hosts and suEXEC (Centos 6.5, Apache 2.2.5 and PHP 5.3.3).
I want to prevent PHP to access folders/files above the website directory. I will explain step by step what are my settings and at last what's the problem.
This is the folder structure that I'm using:
/var/www/domain.com/public_html/
Inside /var/www/ I've got this:
drwxr-xr-x 2 root root 4.0K Aug 13 13:30 cgi-bin/
drwxrwxr-x 4 apache apache 4.0K Jan 28 09:16 site1.com/
drwxrwxr-x 4 apache apache 4.0K Jan 28 08:44 site2.com/
drwxr-xr-x 4 apache apache 4.0K Jan 30 11:08 site3.com/
and inside /var/www/site1.com/:
drwxr-xr-x 2 apache apache 4.0K Jan 30 10:16 logs/
drwxr-xr-x 3 user1 user1 4.0K Jan 30 11:08 public_html/
The virtual host definition for site1.com inside httpd.conf is:
<VirtualHost *:80>
ServerAdmin info#site1.com
DocumentRoot /var/www/site1.com/public_html
ServerName www.site1.com
ServerAlias site1.com
ErrorLog /var/www/site1.com/logs/error_log
CustomLog /var/www/site1.com/logs/access_log common
php_flag log_errors on
php_flag display_errors on
php_value error_log /var/www/site1.com/logs/php_errors.log
<Directory "/var/www/site1.com/public_html">
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
SuexecUserGroup user1 user1
AddHandler application/x-httpd-php .php
Action application/x-httpd-php /cgi-bin/php-cgi
ScriptAlias /cgi-bin/ /var/www/site1.com/public_html/cgi-bin/
<Directory "/var/www/site1.com/public_html/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
But, I wrote and executed this php script (www.site1.com/test.php)
<?php
system("id");
print "<pre>";
system("ls /var/www");
print "</pre>";
?>
and I get:
uid=503(user1) gid=503(user1) groups=503(user1)
site1.com
site2.com
site3.com
That means that PHP can access any folder in my server (including /etc /var /usr, etc)
I'd like to prevent Apache/PHP to access all folders above /var/www/site1.com
How should I configure Apache?
I've done an extensive google research about this issue, but I couldn't find the solution.
Thanks a lot.
Running on production, you should really be using something like:
disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
in your php.ini file. Allowing things like system or exec represents a real security flaw.
You also want to use something like:
php_admin_value open_basedir /var/www/site1.com/
In your Apache vHost conf, to prevent PHP from overstepping its desired boundaries...
As it stands, I could upload a PHP file as user1 to /var/www/site1.com/public_html/attacker.php, that contains:
<?php
chmod("/var/www/site2.com", 777);
?>
Then, open up my browser and navigate to http://site1.com/attacker.php. Apache would pass this off to PHP quite happily, run it, and as Apache owns /var/www/site2.com is quite capable of changing the permissions.
Bam!
user1 can now access /var/www/site2.com/, as well as anyone else with a user account on that machine. It could then hijack the site, creating new files to host bitcoin mining operations, sell Viagra, etc., etc.
Note: Even if you trust your users not to do anything malicious, there's no guarantee that a third party can't gain access to their account and do something like this. Best way to deal with it is to contain a compromised account, so it can't do too much damage to the system at large.
For more info, check out:
http://php.net/manual/en/ini.core.php#ini.open-basedir
https://www.cyberciti.biz/faq/linux-unix-apache-lighttpd-phpini-disable-functions/