I have a picture folder in the website directory and every time i upload pictures into that directory, they have the wrong permissions and i have to manually change the permissions so that i could alter the images or rotate them, delete, copy etc. Is there a way to automatically change the permissions of the uploaded files in that specific folder. May be there is some permission field in Apache configurations that can be changed. Please help!
Thank you.
Most likely the user running the webapp is www-data (for ubuntu/debian based OS). If the user you are logging in to your box is a different, the best you can do is to setup a group and make that group own /var/www - or only the folder you really need. The group should hold the both users:
add a group:
sudo groupadd <name of the group> // whatever you prefer
Now that the group exists, add the two users to it:
sudo usermod -a -G usergroup <your username> // the one you login with
sudo usermod -a -G usergroup www-data
Now all that's left is to set the permissions on the directory:
sudo chgrp -R usergroup /var/www
sudo chmod -R 775 /var/www
Now only members of the usergroup group can read, write, or execute files and folders within the directory. Note the -R argument to the chmod and chgrp commands: this tells them to recurse into every sub directory of the target directory and modify every file and directory available.
Please note that group assignment changes won't take effect until the users log out and back in.
You can use chmod in PHP to change the permissions.
http://php.net/manual/en/function.chmod.php
Related
I am confused with file permission and their uses by Linux.
Web server : Apache,
OS : Ubuntu 16.04 LTS
I have a file test.php in /var/www/html/ folder with permissions 644 and owner and group as root. Now, this files does some internal routine work related to database, i.e. it interacts with database and this file is executed through cron job. Now, when I requested for this file through browser by putting www.example.com/test.php, then, to my surprize, the file got executed and did all the job with the database.
Now, here I have some points of confusion.
test.php file was compiled and executed, and for its execution I should set execute bit in the permission, which was not set actually.
When browser requested the file, it sent the request to apache, which is www-data user and this user executed this file. But the owner and group of the file was root. Also, other users except file owner and group have only read permission, then how was it executed.
Note : Even when I gave permission as 000 with root as owner and group then also file got executed when requested through browser.
files 664 and folder 755 and user and group www-data.
$ sudo chown -R www-data:www-data /var/www
$ sudo chmod -R 755 /var/www
And test to http://localhost/test.php
I user my personal user, then add my user to group www-data and change permission to folder 775 and filers 664. and owner personaluser:www-data
$ sudo usermod -aG www-data personaluser
$ sudo chown -R personaluser:www-data /var/www
$ sudo chmod -R 775 /var/www
www-data is a user/group that run the apache. So www-data execute (Interpreter ) the code.
For access with domain "example.dev" or other you have use a virtualhost. Check this: https://www.digitalocean.com/community/tutorials/como-configurar-virtual-hosts-de-apache-en-ubuntu-16-04-es
I have a localhost set up on my sites folder on a mac which lets me use php, mysql, phpMyAdmin and all sorts of goodies. But I have an issue when my website creates folders or files. All the permissions for _www are 'read only.' When I use a php function such as mkdir("folder path");, it creates folders with permission of 'read only'. How can I configure my sites folder to have 'read & write' permission for every file created or placed in sites folder?
Thank you community!
To activate read/write permission either for you and Apache in global Apache Document Root, do this in Terminal application:
sudo chown _www:_www /Library/WebServer/Documents
sudo chmod 0775 /Library/WebServer/Documents
sudo dseditgroup -o edit -a username -t user _www
To activate read/write permission either for you and Apache in your personal Document Root, do this in Terminal application:
sudo chown _www:_www /Users/username/Sites
sudo chmod 0775 /Users/username/Sites
sudo dseditgroup -o edit -a username -t user _www
Please note: Change username above with your short username.
By these commands, you:
set the owner of directory to user _www (Apache) of group _www;
set permissions of directory to read/write/execute to owner and group members, read/execute for others (you can type 0770 to others/none permission or 0771 to others/execute only);
add you to group _www.
I have a ec2 image and get the following error when trying to create a new laravel project.
[ErrorException] mkdir(): Permission denied
Here is the command:
composer create-project laravel/laravel mydir
I can write to the folder with my ec2-user username but do I need to add permission for composer to write?
Quick Answer:
For security reasons, lets keep root as the owner and just allow ourselves to read, write, and execute within the area which we will be working in.
Change directories
cd /var/www/
Change group ownership
sudo chown -Rv root:$USER .
Add priviledges to our group
sudo chmod -Rv g+rw .
For the grand finale, go ahead and create your new laravel project
composer create-project laravel/laravelprojectName--prefer-dist
Congratulations, We're done. :)
In-Depth Explanation
Explanation behind the solution:
By default you have two users; root and $USER(this is the global variable, but the actual name is whatever you put as your username). Every user created comes with a group as well. So if my username is john, I have a group called john.
There are many ways to solve this problem but I perfer this route for a few reasons:
I still want root to be the owner of the files for security reason.
I am working in a localhost so there shouldn't be any other (guest)users writing on my files.
In order to achieve this we will need to edit the group ownership and add the proper permissions. We will leave the others as is and only allow them to read and execute the files.
So lets get started:
I like being in the directory that I am making changes to in order to avoid mistakes so first we will need to enter the the directory which we will be working in.
cd /var/www/
We will need to change the group ownership of the directories which we will be working in. Starting from the directory which we are in and all the future directories and files we will create underneath this directory. So basically any children directories from now on will be own by our group.
sudo chown -Rv root:$USER .
chown = command to change owner.
-R = Recursive - This is basically stating to perform the same command to all the directories within this directory.
-v = verbose - we are stating here to keep us updated by showing us what is actually happening.
root:$USER = This is were we are setting the ownership. The first word before the colon(:) states the root will be the single owner. The second word after the colon(:) states that the group owner will be $USER(the current user).
. = This just means 'here, in this directory'.
Now we are going to add the right privileges to our group. Keep in mind this is where we allow root to be the primary owner while ONLY allowing ourself's to create changes(of course, besides root). As I mentioned before, this does not allow other users to create any changes what so ever.
sudo chmod -Rv g+rw .
chmod = command to change modifications, in this case, privileges.
-Rv = Recursive & Verbose
g = this states who will receive the modifications. In our case g-group Other options are u-user and o-other.
+ = symbolizes add
r = symbolizes read
w = symbolizes write
Now we are done. Try creating a new laravel project.
composer create-project laravel/laravelprojectName` --prefer-dist
Note: If this is not working, enter the command ls -al | grep $USER while inside the /var/www/ directory.
If you get this:
drwxrw-r-x
You are missing the executable(x) privilege for the group. The first x is for the user and last x is for others. There should be middle x for the group.
Run the following command and you should be all set to go:
sudo chmod -Rv g+x .
Now if you run ls -al | grep $USER, you should get:
drwxrwxr-x
add "www" group and add your user to this group
sudo groupadd www
sudo usermod -a -G www ec2-user
logout/login
set ownership and write permissions
sudo chown -R root:www /var/www
sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} +
find /var/www -type f -exec sudo chmod 0664 {} +
Referencing: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/install-LAMP.html
I ran into the similar ErrorException, when creating an additional project inside the Homestead/Vagrant environment.
I had previously added folders and path to the Homestead.yaml.
The answers of Oscar and Jens A. Koch pointed into the right direction, but go too far on my dev-machine.
Working narrower solution inside Homestead-Box:
sudo mkdir <ProjectDir>
sudo chgrp vagrant <ProjectDir>
sudo chmod g+wx <ProjectDir>
composer create-project --prefer-dist laravel/laravel <Project>
The gist of the problem
Installing Laravel inside /var/www/html folder is a common requirement. However, the system defaults usually sets the user and group for this folder and its parent(www) to root And composer will complain if you run it as root.
Solution
Find the user corresponding to your apache/nginx server. It usually has names like www,www-data etc. You can run the below command to get a clue
cat /etc/group | grep www
With the knowledge of the server user(from above), you can run the below commands. I am assuming that your server user is www-data
# Under your user account, change directories
cd /var/www/
# Change group ownership
sudo chown -Rv root:www-data .
# Give all the privileges to the group
sudo chmod -Rv g+rwx .
# Add your user name to www-data group, use 'who' command to get your username
sudo usermod -a -G www-data your_user_name
# Verify that your user name is in the www-data group by typing
group your_user_name
# Very important, logout of the system and come back to this folder
# Do the the laravel install
composer create-project --prefer-dist laravel/laravel projectName
# Not finished yet! recursive make the www-data the group owner of projecName which the folder in which Laravel site resides by now
sudo chown -R :www-data projectName
Make sure that you have read/write folder permission. It works to me.
Like in ubuntu
var/www/html
So if you want to make dir in html folder then first give permission to html folder. Then you are done. Thanks.
This Problem with a Vagrant box
If you tried to install something with composer in a new vagrant box, it is possible that when installing the vagrant you have specified the path you are allowed to use.
So check your personal .yml file in order to check this under
\ansible\vars
there you have something like this
vagrant_local:
vm:
name: oxideshop
hostname: oxideshop.local
aliases:
- www.oxideshop.local
app_shared_folder:
source: oxideshop
target: /var/www/oxideshop
You have to make sure, that the app_shared_folder target is the same you use for the composer installation.
Example:
composer create-project oxid-esales/oxideshop-project
/var/www/oxideshop dev-b-6.1-ce
Make sure that you have read/write folder permission.
LIKE: sudo chown -R USER NAME:www-data /PROJECT PATH/USER NAME/PROJECT NAME/
Example:
$ sudo chown -R tubai:www-data /home/tubai/firstlara/
Run the following commands
cd /var/www
sudo chown -R $USER:www-data html/
sudo chmod -R 775 html/
I had the same problem and executing the command using sudo just worked for me:
sudo composer create-project laravel/laravel mydir
cd to the directory where you currently want to install laravel and change directory access with
sudo chmod -R 777 ./
type your password and you are good to resume to the installation
Hi anyone can help me for this issue , I have developed a site and it is hosted on my development server but now my client wants to move it to his own production server, and my client doesn't have access to his cpanel for this server. I only have the ftp access, so I have added his database in my own development server, while in development I used my amazon s3 for storing the images , when I push to production I loss the amazon plugin . I can't able to install the plugin , so I moved to upload once again to those images through WordPress, now I face this error while uploading an image : Unable to create directory wp-content/uploads/2014/07. Is its parent directory writable by the server? , and change the ftp file permission access to 755 and changed the uploads file permission to 777 , Still I am not able to upload the images, can some one help me for this issue.
This is a problem of the Apache permissions. I had this problem and i broke my mind for many days to understand what was happening.
The correct way (USE IT):
(the solution that i used, and worked)
You need to give Rewrite permissions to the Apache.
For Ubuntu:
Run via ssh: chown -R www-data:www-data /var/www/the/wordpress/directory
For Centos:
Run via ssh: chown -R apache.apache /var/www/the/wordpress/directory
The Wrong Way (I don't recommend it, but works...)
You can change the permissions to 777 in all the paths that Wordpress need to change. wp-content/plugins recursively on folders to solve install/update problems, and wp-content/uploads recursively on folders to solve upload media problems.
Never use it because you are giving permissions to anyone change your files. A open way for the crackers that don't like you.
run these command to provide proper file permissions
Add existing 'ubuntu' user to 'www-data' group
sudo usermod -a -G www-data ubuntu;
Set the ownership of the files/directories
sudo chown -R www-data:www-data /var/www/html/;
Set group ownership inheritance
sudo chmod g+s /var/www/html/;
Set the permissions of the files/directories
sudo find /var/www/html/ -type d -exec chmod 755 {} ;
sudo find /var/www/html/ -type f -exec chmod 644 {} ;
Give write permissions to the group (for editing files via FTP)
sudo chmod -R g+w /var/www/html/;
I'm new to the mac world and have just been setting up my webserver. I used the following guide: https://alan.ivey.dev/posts/2011/os-x-10.7-lion-development-native-mamp-with-mysql-installer/
I've transferred my sites and databases and everything is going pretty well. The only problem I have is with the writing permissions. For example there is a config file that needs to be written to, and I had to right click, go to Get Info then enable read & write for staff and everyone.
I can't manually go through and enable these write privileges for every file/folder. I didn't need to do this using WAMP and made development much quicker.
So wondering about 2 possible solutions:
a) add my user account to a whitelist for the localhost so that 644 privileges are sufficient
b) set the write privileges recursively
I found the best solution was to change the apache user and group settings. The instructions can be found at: http://paulmason.name/item/change-apache-user-group-in-lion-os-x
Open Terminal and Enter
sudo nano /private/etc/apache2/httpd.conf
Find and change http.conf code from
User _www
Group _www
To
User your_mac_username
Group staff
Note: With earlier versions such as Leopard, capitalize staff to Staff. You can get your username and group by typing "id" and hitting enter in terminal
Restart Apache
sudo apachectl restart
I'm the author of the mentioned blog post. For web server file permissions, you'll want to give write access to the _www user for files. For config.inc.php, you would set it a couple ways:
Have _www own the file and have write permissions:
$ sudo chown _www config.inc.php
$ chmod u+w config.inc.php
Have your user own the file, change the group to _www, and give group write permissions:
$ sudo chgrp _www config.inc.php
$ chmod g+w config.inc.php
Or, if you feel comfortable allowing all users to write, which I would not recommend for security reasons, give all users the ability to write:
$ chmod a+w config.inc.php
If an entire folder needs to be written by the _www user, it can own the folder and all files:
$ sudo chown -R _www:_www folder/
or you can give the folder write and execute permissions by all:
$ chmod a+wx folder/
The reason why chmod 774 gave you forbidden errors was because the _www user fell under the '4' permission, which is 'read-only.' For directories, a user needs 'execute' in order to traverse into the folder. chmod 775 would allow user and group to rwx, and others to r-x. Here's more information on Unix file permissions.
Also, your user could retain full ownership and add certain permissions for the _www user instead of changing the level of access for ALL users by using Access Control Lists.
$ sudo chmod -R +a '_www allow read,write,delete,add_file,add_subdirectory,file_inherit,directory_inherit' folder
$ sudo chmod +a '_www allow read,write' config.inc.php
If you're going to go the route of ACLs, I'd suggest doing some more reading to see what levels of access you really need to provide. Here is a great place to start.
I'm running Apache on OSX and this fixed it for me:
sudo chown -R _www:_www <mywebfolder>
sudo chmod -R 775 <mywebfolder>
Update #1:
Syntax: sudo chown <user>:<group> <file-or-folder>. The Apache user on OSX is _www.
To keep ownership but give Apache r-w-x permissions:
sudo chown -R <your-username>:_www <mywebfolder>
sudo chmod -R 775 <mywebfolder>
Update #2:
I like this method best. Set Apache to run as you.
In terminal type id to get uid=123(Myname).
Open /etc/apache2/httpd.conf and edit it to use your username.
<IfModule unixd_module>
User Myname
Group staff
</IfModule>
Back to terminal: sudo apachectl restart
I recommend settings the Write privileges recursively for your web root.
You can do this via the console / terminal using chmod -R 774 /my/web/root. For me, the owner and group is set to: www-data:myUserName, which can be set by using chown. Don't forget to check who's your web user first.
Edit: For better understanding, why you don't have access:
Chmod 774, each number stands for specific rights: user, group, others. If the user is set to www-data and the group to www-data (most users on a Unix system are in a group that's named by their username). So, if you're not in the group www-data you either have to join it, or you have to change owner (chown) or you have to change the permissions (chmod). There are several tutorials out there, for more information.
Above solutions didn't work for me. What I did was :
Right click the folder -> Get Info
There is a priviledge setting at the very bottom.
Change it to Read & Write for Everyone.