I've done a server, but I'm receiving a bad message when I try to create a php file in "/var/www/html". It says: permission denied.
I've looked for a solution, but I don't want make "myuser" permission like "root" amd I have also read that it is a bad practice.
I've tried, with PHPStorm, to access to the server with SFTP, but in the end I however can't upload a file or create it.
Thank you before!
By default the owner of the files within /var/www/html is the www:data group. All you have to do is add your self to the www-data group.
sudo adduser <username> www-data
sudo chown -R www-data:www-data /var/www
The first line adds you to the www-data group, the second line clears up any files with messed up ownership.
See more about best practices here https://askubuntu.com/questions/46331/how-to-avoid-using-sudo-when-working-in-var-www
Hope this helps!
Related
I am trying to install RackTables on a Ubuntu Server 13. I have followed all the steps on the documentation. When I get to the step after I connect to the database I cant seem to figure out the ownership settings.
I have set up the database as follows :
mysql -uroot -p
create database racktables;
grant all on racktables.* to root;
grant all on racktables.* to root#localhost;
grant all on racktables.* to rackuser;
grant all on racktables.* to rackuser#localhost;
set password for rackuser#localhost=password('rackpw');
exit
Here is the step that I am stuck on;
RackTables installation: step 4 of 7
Please set ownership (chown) and/or permissions (chmod) of /var/www/racktables/inc/secret.php on the server filesystem as
follows:
The file MUST NOT be writable by the httpd process.
The file MUST be readable by the httpd process.
The file should not be readable by anyone except the httpd process.
The file should not be writable by anyone.
For example, if httpd runs as user "nobody" and group "nogroup",
commands similar to the following may work (though not guaranteed to,
please consider only as an example):
chown nobody:nogroup secret.php; chmod 400 secret.php
I have tried the
chown root:rackuser /var/www/racktables/inc/secret.php
chmod 400 /var/www/racktables/inc/secret.php
I cant figure out how to set up the permissions so that they fall into this category
The file MUST NOT be writable by the httpd process.
The file MUST be readable by the httpd process.
The file should not be readable by anyone except the httpd process.
The file should not be writable by anyone.
Please help. Any suggestion is appreciated
Thank you
First you have to figure out which user and group your web server (Apache/nginx/etc) are running under.
If you're using Apache, you should be able to check by running:
grep -E '^(User|Group)' /etc/apache2/apache2.conf
In Ubuntu, it's common for both user and group to be www-data.
Once you know that, you should be able to change the file's ownership like:
chown [webserveruser]:[webservergroup] /var/www/racktables/inc/secret.php
Example:
chown www-data:www-data /var/www/racktables/inc/secret.php
Keep the chmod the same as you had before.
This should mean it's readable by the www-data user and only the www-data user, writable by nobody (including www-data), which should mean all four of your conditions.
I know that there are a lot of similar questions, but just hear me out and if this was a silly question and there was nothing new about it, i'll just delete this question.
I'm trying to upload using php, but I get permission denied. So here's what I did to solve it and didn't work:
first of all, this is localhost, so i can't set the owner of the files to apache, because I won't be able to edit them.
So I got the apache user name in php, and it was www-data
I created a new group called 'localhostowners'
I added my own user to this group
I added www-data to the group
when I run
grep -i 'localhostowners' /etc/group
I get
localhostowners:x:1001:mnvoh,www-data
And then I set the file permissions for everything on the localhost dir to 764
and set the owner with this:
sudo chown -R mnvoh:localhostowners localhostdir
But now I can't execute the php scripts hence the 4. although according to what I know, the 6 should be affecting apache, since I set the group on the files. What am I doing wrong here???
Thanks everybody :)
Test with:
sudo chown -R mnvoh:localhostowners localhostdir
sudo chmod 764 -R localhostdir
-R: recursivity
First you should check the permission the file
ls -a
or
ll
and make sure the person who want to execute the file have X permission.
-user-group-other
-rwx rwx rwx
I have a function in PHP language to create an xml file when requested.
if(($file= fopen("./include/catalogo.xml", "w"))==false){echo 'non creo il file'; return false;}
"catalogo.xml" can't be created, permission denied. I know I should try to change permissions, but how can do this if the file doesn't exist? Or, are there things that I ignored?
I think you might be ignoring the permissions of the directory (./include).
I'm assuming you are running this PHP via a web-server and on Linux (like Apache for example) - in which case the user account that is trying to create the file will be 'apache' or 'www-data' (or whatever user your webserver is running under).
On your server - have a look at the permissions of ./include - you need to do one of two things:
a) make ./include world writable (so the 'apache' user can now create a file inside of it).
b) change the owner or group of the ./include to 'apache' so it can create a file inside of it.
Your PHP is fine - it's the permissions of the folder it is trying to create the file inside of that is not.
You have to change the ownership of the directory "include" and set it to the web server's user and set the permission to a reasonable value:
$ sudo chow www-data include
$ sudo chmod 755 include
If you don't know which user your web-server is running by you can open the include dir permissions world-wide:
$ sudo chmod 1777 include
after create the creation of catalogo.xml you check the include diretory:
$ sudo ls -al include
-rwxr-xr-x 1 http web 4096 May 5 15:37 catalogo-xml
Now you can change the ownership of the directory "include" and set it to the web server's user (http) and reset the permission to a reasonable value:
$ sudo chow http include
$ sudo chmod 755 include
See also the manual of chmod, chown and ls:
$ man chmod
$ man chown
$ man ls
If you use the terminal and go to the parent of folder your file will be created in, which is the parent of the include folder and type in the command:
chmod 777 include
This should change the permissions of this folder so you won't receive the permission denied error anymore. If you do try this command:
chmod -R 777 include
I have recently installed FC13 and am attempting to write a mechanism in my PHP code that caches gathered data into a specific directory (for our purposes here, let's call it /var/www/html/_php_resources/cache).
I copy my files over to the /var/www/html directory and then run chown -R apache:apache /var/www/html/* and chmod a+w /var/www/html/_php_resources/cache on the new data. For right now I am just using the global write permission for convenience. I will tweak the permissions later.
When I attempt to use the chmod or mkdir PHP functions I wind up with:
Warning: chmod(): Permission denied in /var/www/html/_include/php/CacheInit.php
or
Warning: mkdir(): Permission denied in /var/www/html/_include/php/CacheInit.php
Now, when I disable SELinux everything works just fine. The problem is that I would prefer not to disable SELinux and actually get the permissions set up correctly so that I can port it over to servers where someone does not have such explicit control.
As an example: my personal site host allows me to set read/write permissions on directories but will not allow for SELinux policy changes.
FYI:
uname -r = 2.6.34.7-56.fc13
*php -version * = PHP 5.3.3
rpm -qa | grep httpd = httpd-2.2.16-1.fc13
Does anyone have any suggestions?
I had the same problem, trying to mkdir from php. Not so much information on google but this is what I found and I guess this is the correct solution. One have to label the dir in which apache should create directories.
Label should be "httpd_sys_script_rw_t" and I found that info here: http://docs.fedoraproject.org/en-US/Fedora_Core/5/html/SELinux_FAQ/index.html#id672528
Here's how to label the dir: chcon -R -t httpd_sys_script_rw_t <dir>
Reference somewhere here: http://www.centos.org/docs/5/html/Deployment_Guide-en-US/rhlcommon-chapter-0017.html
Hope this help someone out there.
When I use chmod() to change permissions at run time, it gives me the below message:
Warning: chmod() [function.chmod]: Operation not permitted in /home/loud/public_html/readalbum.php
How can I remove this error and make the chmod function work?
$ sudo chmod ...
You need to either be the owner of the file or be the superuser, i.e., user root. If you own the directory but not the file, you can copy the file, rm the original, then mv it back, and then you will be able to chown it.
The easy way to temporarily be root is to run the command via sudo. ($ man 8 sudo)
In order to perform chmod, you need to be owner of the file you are trying to modify, or the root user.
This is a tricky question.
There a set of problems about file permissions. If you can do this at the command line
$ sudo chown myaccount /path/to/file
then you have a standard permissions problem. Make sure you own the file and have permission to modify the directory.
If you cannnot get permissions, then you have probably mounted a FAT-32 filesystem. If you ls -l the file, and you find it is owned by root and a member of the "plugdev" group, then you are certain its the issue. FAT-32 permissions are set at the time of mounting, using the line of /etc/fstab file. You can set the uid/gid of all the files like this:
UUID=C14C-CE25 /big vfat utf8,umask=007,uid=1000,gid=1000 0 1
Also, note that the FAT-32 won't take symbolic links.
Wrote the whole thing up at http://www.charlesmerriam.com/blog/2009/12/operation-not-permitted-and-the-fat-32-system/
You, or most likely your sysadmin, will need to login as root and run the chown command:
http://www.computerhope.com/unix/uchown.htm
Through this command you will become the owner of the file.
Or, you can be a member of a group that owns this file and then you can use chmod.
But, talk with your sysadmin.