I know this question is asked a lot, but I can't seem to find the error why my symlinks sometimes aren't working.
I have two folders:
/home/user/domains/example.com/folder1
/home/user/domains/example.com/folder2
These are their permissions:
drwx--x--x 9 root root 4096 May 12 11:15 home
drwx--x--x 7 user access 4096 Feb 9 10:23 user
drwx--x--x 3 user user 4096 May 5 2014 domains
drwx--x--x 12 user user 4096 Jul 7 09:52 example.com
drwxr-xr-x 2 apache apache 4096 Jan 21 09:22 folder1
drwxrwxrwx 4 user user 4096 Jul 9 10:38 folder2
in PHP I create two symlinks:
symlink("/home/user/domains/example.com/folder1","whatever/folder");
symlink("/home/user/domains/example.com/folder2","whatever/folder");
Why is my symlink to folder1 working and my symlink to folder 2 not? I have been looking at it for hours now..
Edit:
Well, as my provider isn't of any help, I'd like to try a different solution: create a symlink and immediately change its owner. This, however, gives me an 'Operation not permitted' error. Any ideas on that?
Assuming the symbolic links were created successfully, folder2 most likely yields a permission error when Apache is configured to only follow symbolic links if the owner matches; you're looking for this specific configuration option:
SymLinksIfOwnerMatch
You could make Apache less rigid by using the following option instead:
FollowSymLinks
Alternatively, fix the ownership of the symbolic link target to make it work.
Try to delete both symlinks then 1) try PHP again and see if it persists and 2) logging in via SSH and create the same links using ln instead, for example
ln -s whatever/folder /home/user/domains/example.com/folder1
If that works, then it is probably a permission issue with the folder you are linking from or into, that the apache server / PHP cannot address
Does whatever/folder have enough permissions?
Remove folder1 and folder2 then Try
symlink("/home/user/domains/example.com/folder1.txt","whatever/folder");
Change the user group of folder2 from user:user to apache:apache
chown -R apache:apache folder2
The reason is because Apache needs the group permissions rather than a normal user.
Related
I have Ubuntu 16.04 with Apache2 and php7 on it.
I wan't to read some log files with php and print them.
Therefore I do a simple
readfile("/var/log/apache2/access.log");
But that does not work. I get this error:
Warning: readfile(/var/log/apache2/access.log): failed to open stream: Permission denied in /var/www/test.php on line 2
I'm quite sure I've set the permissions right, Apache and php runs as www-data, so I added the user www-data to the groups 'adm' and 'syslog', as these groups have read permissions for the whole file path and the file itself.
Permissions are 640 by default, but only if I set it to 647 for example, the file is readable for php/apache.Even 644 or 646 is not enough.
Why is that? Do I have to change something in the Apache vhost config?
Addition: ls -alp /var/log/apache2
drw-r----- 2 root adm 4096 Oct 25 11:07 ./
drwxr-xr-x 9 root syslog 4096 Oct 25 10:39 ../
-rw-r----- 1 root adm 47861 Oct 25 14:01 access.log
-rw-r----- 1 root adm 12014 Oct 25 14:01 error.log
-rw-r----- 1 root adm 0 Oct 25 10:40 other_vhosts_access.log
Since this is clearly a permissions error, ensure each parent folder leading to access.log definitely have the group set to either adm or syslog.
Each folder leading up to access.log must have at least a group permission of read and execute (g+rx) to allow PHP to descend into each sub-directory.
If I were you, I would change the apache config to write the file to a publicly inaccessible folder in your web root (since the log file is clearly essential in your application). This saves you from modifying system folder permissions which can be dangerous especially in web applications.
Overview
I'm using Laravel 4.2 with an image upload feature. I have it set up on Homestead, but recently I removed Nginx and serve the site with Apache instead (due to the need to use Server Sent Events).
Before I moved from Nginx to Apache the file upload functionality worked fine. It also works fine on a staging server with Apache.
The Error
I'm using the Intervention image library to handle image uploads. When I try to upload a file, I get the following in my laravel.log file:
Can't write image data to path (/home/vagrant/projects/projectname/public/assets/pics/profile/photos/f55f0ae2-2d1a-4fdd-b9be-39d8a509baa3.jpg)
What I've Tried
I thought it was just a simple permissions error. I've gone so far as to chmod my asset directories to 0777, change the directory owner to www-data, create a new group called web with www-data and change the owner group to that, (basically everything in this answer and more) and still it doesn't work.
The directory definitely exists, and like I mentioned, it worked before the move to Apache (I'm not entirely sure if it's related but it seems likely).
My /var/log/apache2/error.log is empty, too.
The staging server works fine, but I don't want to encounter the same problem when I provision the production server. I'd like to fix the problem and understand it more so I can fix it if I ever come across it in the future. Why is this happening and what can I do to fix it/debug further?
Example Folder Permissions
drwxr-xr-x 1 vagrant vagrant 272 Jan 26 11:07 assets/pics
drwxr-xr-x 1 vagrant vagrant 170 Jan 26 10:11 assets/pics/defaults
drwxr-xr-x 1 vagrant vagrant 714 Jan 26 14:10 assets/pics/forums
drwxr-xr-x 1 vagrant vagrant 646 Jan 26 14:10 assets/pics/forums/thumbs
drwxr-xr-x 1 vagrant vagrant 170 Jan 20 18:02 assets/pics/gallery
drwxr-xr-x 1 vagrant vagrant 3026 Jan 26 13:24 assets/pics/messages
drwxr-xr-x 1 vagrant vagrant 2992 Jan 26 13:24 assets/pics/messages/thumbs
drwxr-xr-x 1 vagrant vagrant 136 Jan 8 17:27 assets/pics/profile
drwxr-xr-x 1 vagrant vagrant 136 Feb 10 14:48 assets/pics/profile/photos
drwxr-xr-x 1 vagrant vagrant 102 Feb 10 14:51 assets/pics/profile/photos/thumbs
For some reason the owner/group is still vagrant, even when I chown them. I've tried with sudo chown and by doing sudo -s.
Try modifying your Vagrantfile to include this line, before the end of the Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| block:
config.vm.synced_folder "/path/to/laravel/app", "/home/vagrant/projects/projectname", :owner => "www-data", :group => "www-data", :mount_options => ["dmode=775", "fmode=664"]
The string "/path/to/laravel/app" must point to dir you're working on outside the Vagrant machine. This should force the file owner and permissions to be the ones you specify for all the project files (so they're not overridden by vagrant). You'll need to restart the VM after you make the change.
How are you doing your chown? It should be
chown USERNAME GROUP -R /path/to/file
I've uploaded some php scripts to my server under /php directory and sub directories.
When using my root user in terminal and running php file.php it execute it perfectly, but when trying to reach the same file through the browser - nothing happens...
I guess it something to do with permissions.
I've tried chmod 755 phpdirectory but it doesn't work..
what else should i do in order to give the browser user the ability to run php scripts ?
Update
I'm using FreeBsd system with apache and Direct Admin on it.
Can some one please guide me to where to check the settings ?
Usualy All webb access to a file is done through a specific user (eg. www-data) in order for the file to be reachable through web www-data needs permission to reach the code. How you setup that depends on what system the server is running.
Also the server document_root needs to be setup correctly. Where you do this also depends on what server you are runnning.
EDIT after update question.
In apache this is normally done through the file /etc/apache/sites-avalible/your_site
If the server only serves one page you can do this in http.conf
Check whether the User directive inside httpd.conf file is same as the user you used to ran the PHP script.
You need to make sure your PHP scripts have same user and group as you configured in Apache configuration(/etc/httpd/httpd.conf in CentOS 6.4).
# User/Group: The name (or #number) of the user/group to run httpd as.
User apache
Group apache
Check the owner and group of your PHP directory and files. In this case owner and group (root/root) are not same as Apache User and Group.
# ls -alh
total 516K
drwxr-xr-x. 5 root root 4.0K Aug 29 17:57 .
drwx------. 5 root root 4.0K Jun 24 12:06 ..
-rwxr--r--. 1 root root 356K Jul 7 2012 index.php
To change the owner and group of your PHP directory. Use the following command.
# chown -R apache:apache www
I have a need to create SSH accounts on my self managed hosted CentOS VPS. I want them to only have access to their own home directory. I would like to avoid a CHRoot Jail to keep things simple. I am hoping to achieve this with linux file permissions.
What I have done so far:
I backed up existing permissions using the following: getfacl -R / > permissions.acl
I ran an operation that would remove all world/other user access. chmod -R o-rx / (modify permissions on root recursively, remove read and execute on other/world group.
Tested existing sites:
Sorry cant post images as I am new and have no reputation
Forbidden
You don't have permission to access /index.htm on this server.
Apache/2.2.15 (CentOS) mod_fcgid/2.3.7 PHP/5.3.3 mod_python/3.3.1 Python/2.6.6 mod_ssl/2.2.15 OpenSSL/1.0.0-fips mod_perl/2.0.4 Perl/v5.10.1 Server at www.ponmanconstructions.com Port 80
Restored known working configuration.
Any idea why this could be happening?
An ls -l on the folder in with the working configuration
drwxrwxr-x 6 apache root 4096 Jul 22 07:28 mysite.com
An ls -l on the folder in the required configuration (This config causes the Forbidden error)
drwxrwx--- 6 apache root 4096 Jul 22 07:28 mysite.com
apache user belongs to apache group too so if you don't give read & execute permission to that group so it becomes others i.e why you get forbidden error.
Thanks & Regards,
Alok Thaker
My website creates files with owner apache:apache when uploading a file, like this:
drwxr-xr-x 2 apache apache 4096 Aug 28 14:07 .
drwxr-xr-x 9118 apache apache 233472 Aug 28 14:07 ..
-rw-r--r-- 1 apache apache 41550 Aug 28 14:07 468075_large.jpg
-rw-r--r-- 1 apache apache 26532 Aug 28 14:07 468075_medium.jpg
-rw-r--r-- 1 apache apache 50881 Aug 28 14:07 468075_original.jpg
-rw-r--r-- 1 apache apache 4316 Aug 28 14:07 468075_small.jpg
Now I am trying to create a file inside the same folder with the user that owns that domain in Plesk and I get permission denied.
How can I have both apache and shell user with permissions over that files?
Thanks.
You have to create a group and put your Plesk and Apache user in it. Than you have to chmod -R g+rwX on your files.
And set the default umask of your system to 002.
If that shell user is not apache but in the same group, you will need to make the folder group writeable.
chown 755 .
As it is right now it won't allow anyone other than apache to add a folder.
Or, you can try to use php to do fopen?
Thanks for the answers but I finally decided to run a cron job that will open a php script from the website using wget.
That way it's the same apache user that already has access to the files. I did this basically because I've got tons of files, about 300GB of images so it would take a lot I think to apply al the new permissions.