I copied a few files from a local folder to the apache server folder /var/www/html, which includes an index.html as well.
I created a test file to check php version inside the folder and it gave the correct result of phpinfo().
But I cannot run localhost/index.html from the browser. I get the error-
Forbidden
You don't have permission to access /index.html on this server.
Apache/2.4.7 (Ubuntu) Server at localhost Port 80
I checked the owner info by running ls -l inside /var/www/html, and this is the result-
drwx--S--- 4 root www-data 4096 Mar 26 22:28 ch01
-rw-r--r-- 1 root www-data 20 Mar 26 22:16 check.php
-rw------- 1 root www-data 36911 Mar 26 22:28 fang.jpg
-rw------- 1 root www-data 2060 Mar 26 22:28 index.html
-rw-r--r-- 1 root www-data 19 Mar 26 22:28 pp.php
-rw------- 1 root www-data 1261 Mar 26 22:28 report.php
-rw------- 1 root www-data 77 Mar 26 22:28 style.css
I am trying to run the example code from head first into php and mysql.
I installed apache and php using this guide - https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu
-rw------- 1 root www-data 2060 Mar 26 22:28 index.html
The file is
owned by root (who can read and write to it (rw-))
a member of the www-data group (which can't do anything with it (---))
can't be touched by the public (---)
Your webserver is almost certainly running as www-data, so you need to either:
Change the ownership of the file: chown www-data index.html or
Give the group permission to edit it: chmod 660 index.html
You have similar issues with other files.
NB: The current ownership and permissions suggests that you are using the root account to manage the files for the website. Don't do that. Create an account with more limited access for that purposes. Only run as root when you really have to.
the default location is
/var/www/
and not '
/var/www/html/
you can access the index.html at
http://localhost:80/html/index.html
Related
Images saved by PHP are linked to the www-data user, and therefore are not read by the browser unless I run it in ROOT mode. However, if I open a terminal and use CHOWN or CHMOD, I can solve this manually. But I do not plan to do this every time I upload an image.
Is there a way to make PHP save the images correctly? ie belonging to ROOT or my user?
Below is a portion of the directory listing. As soon as the file wi_10026.png' has been saved. Notice that the owner is different. This causes the browser to not be allowed to execute it.
-rw-r--r-- 1 www-data www-data 27150 Jan 2 14:44 wi_10026.png
-rwxrwxrwx 1 root root 43007 Set 11 2014 wi_cadeado.png
-rwxrwxrwx 1 root root 15603 Dez 23 18:39 wi_expirou.png
-rwxrwxrwx 1 root root 12139 Nov 16 2015 wi_guarda.png
-rwxrwxrwx 1 root root 13960 Out 20 23:50 wi_livro.png
I'm using bitbucket to host my git repository, the repo holds a test website at the moment, I have created a bitbucket webhook, so when I push to the bitbucket repo, the changes show up as live on the digitalOcean VPS, in other words.. when bitbucket receives a push, it calls the webhook php file, and that php file has a shell script that pulls from github..
the hook file
Hook path : /var/www/html/hook.php
the site folder
Site path : /var/www/html/webhooks/
the hook.php file looks like so
<?php
echo "________PHP_AUTO_PULL________";
$output = shell_exec('git -C ./webhooks/ pull https://userName:password#bitbucket.org/userName/repo.git master');
echo "<pre>$output</pre>";
?>
when I do this in terminal
php hook.php
it does the job normally, and it pulls..
but the problem is, webhooks only shows this reply
________PHP_AUTO_PULL________
indicating that it does no pull, yes I have checked, no pull occured, how to make the hook execute the file normally?
permissions and owners are provided in these listings
listing for /var/www/html/
drwxrwxr-x 3 www-data www-data 4096 Mar 28 09:21 ./
drwxrwxr-x 3 www-data www-data 4096 Mar 3 16:49 ../
-rwxrwxrwx 1 www-data root 200 Mar 28 09:05 hook.php*
-rw-rw-r-- 1 www-data www-data 20 Mar 3 16:49 info.php
drwxr-xr-x 3 root root 4096 Mar 28 09:03 webhooks/
listing for /var/www/html/webhooks/
drwxr-xr-x 3 root root 4096 Mar 28 09:03 ./
drwxrwxr-x 3 www-data www-data 4096 Mar 28 09:21 ../
-rw-r--r-- 1 root root 295 Mar 27 15:13 content.html
drwxr-xr-x 8 root root 4096 Mar 28 09:03 .git/
-rw-r--r-- 1 root root 444 Mar 27 15:13 index.html
-rw-r--r-- 1 root root 963 Mar 27 15:13 menu_1.html
-rw-r--r-- 1 root root 13 Mar 28 09:03 number.txt
my webserver is nginx
any idea why it works from terminal, but bitbucket can't have it to work?
I have managed to solve it, using :
echo shell_exec("/usr/bin/git pull https://userName:password#bitbucket.org/userName/repo.git master 2>&1");
the 2>&1 part was helping me to see errors about permissions of folders, I used
chown -R www-data .git/
and it's working fine.
I'm trying to install a PHP-based software package in a Red Hat 7 Amazon EC2 instance (ami-8cff51fb) that has had Apache 2.4.6 and PHP 5.4.16 installed on it using yum. The installation fails because it says a particular directory needs to be writable by the webserver with 0755 or 0775 permissions.
The directory in question has 0775 permissions with root:apache ownership. I have verified that the httpd process is being run by the apache user and that the apache user is a member of the apache group.
If I edit /etc/passwd to temporarily give the apache user a login shell and then su to that account, I am able to manually create files as the apache user within the directory using the touch command.
I took a look at the source code of the installer script and identified that it's failing because PHP's is_writable() function is returning false for the directory in question. I created a separate test PHP script to isolate and verify the behaviour I'm seeing:
<?php
$dir = '/var/www/html/limesurvey/tmp';
if (is_writable($dir)) {
echo $dir, ' is writable';
} else {
echo $dir, ' is NOT writable';
}
?>
This outputs the NOT writable message. If I change $dir above to be /tmp then it correctly outputs that /tmp is writable.
If I change the directory permissions to 0777 and/or change the ownership to apache:apache then PHP still reports that the directory isn't writable. I even tried creating a /test directory set up with the same permissions and ownership and my test script still reports it as not writable.
I'm really at a loss as to explain this behaviour, so any ideas would be welcome!
Thanks in advance.
The directory listing for /var/www/html/limesurvey is given below. The tmp and upload directories have 0775 permissions as per Lime Survey's installation instructions. test.php is my test script mentioned above.
[ec2-user#ip-xx-x-x-xxx limesurvey]$ pwd
/var/www/html/limesurvey
[ec2-user#ip-xx-x-x-xxx limesurvey]$ ls -al
total 80
drwxr-xr-x. 20 root apache 4096 Mar 30 11:25 .
drwxr-xr-x. 3 root root 23 Mar 25 14:41 ..
drwxr-xr-x. 2 root apache 38 Mar 10 12:56 admin
drwxr-xr-x. 16 root apache 4096 Mar 10 12:56 application
drwxr-xr-x. 3 root apache 4096 Mar 10 12:56 docs
drwxr-xr-x. 2 root apache 4096 Mar 10 12:56 fonts
drwxr-xr-x. 19 root apache 4096 Mar 10 12:56 framework
-rw-r--r--. 1 root apache 429 Mar 10 12:56 .gitattributes
-rw-r--r--. 1 root apache 399 Mar 10 12:56 .gitignore
-rw-r--r--. 1 root apache 296 Mar 10 12:56 .htaccess
drwxr-xr-x. 4 root apache 4096 Mar 10 12:56 images
-rw-r--r--. 1 root apache 6652 Mar 10 12:56 index.php
drwxr-xr-x. 5 root apache 39 Mar 10 12:56 installer
drwxr-xr-x. 89 root apache 4096 Mar 10 12:56 locale
drwxrwxr-x. 2 root apache 39 Mar 25 14:41 logs
drwxr-xr-x. 4 root apache 49 Mar 10 12:56 plugins
-rw-r--r--. 1 root apache 61 Mar 10 12:56 README
drwxr-xr-x. 4 root apache 4096 Mar 10 12:56 scripts
-rw-r--r--. 1 root apache 380 Mar 10 12:56 .scrutinizer.yml
drwxr-xr-x. 5 root apache 4096 Mar 10 12:56 styles
drwxr-xr-x. 5 root apache 4096 Mar 10 12:56 styles-public
drwxr-xr-x. 12 root apache 4096 Mar 10 12:56 templates
-rw-r--r--. 1 root apache 159 Mar 30 11:11 test.php
drwxr-xr-x. 3 root apache 20 Mar 10 12:56 themes
drwxr-xr-x. 26 root apache 4096 Mar 10 12:56 third_party
drwxrwxr-x. 5 root apache 80 Mar 26 13:45 tmp
drwxrwxr-x. 6 root apache 79 Mar 10 12:57 upload
Running namei -l /var/www/html/limesurvey/tmp gives:
[ec2-user#ip-x-x-x-xxx ~]$ namei -l /var/www/html/limesurvey/tmp
f: /var/www/html/limesurvey/tmp
drwxr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root www
drwxr-xr-x root root html
drwxr-xr-x root apache limesurvey
drwxrwxr-x root apache tmp
After much head-scratching, it transpired that SELinux was preventing the directory from being written to. I found a good tutorial that explains what's going on. I was able to fix it by running this command:
sudo chcon -R -t httpd_sys_rw_content_t tmp
in CentOS 6 above should be SELinux enable enforcing
setenforce Permissive
check the status
sestatus
refer to https://wiki.centos.org/HowTos/SELinux
to write to a directory you also need execute permissions to the dirs above.
namei -l /var/www/html/limesurvey/tmp
should show which step you do not have the correct permissions for.
HTTPDUSER=`ps aux | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\ -f1`
sudo setfacl -R -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX tmp
sudo setfacl -dR -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX tmp
Taken directly from the Symfony2 installation guide, this solves the problem with cache write access sharing between Apache and CLI tools. This might work for your tmp directory as well.
is_writable by default only checks on the user, not the group.
So even if you group is matching and has permissions is_writable will return false.
To relax this check you will need to set
safe_mode_gid = On
in the PHP config or change the user accordingly.
When I access the site at domain.com/web, I'm displayed this error. I changed the directory permissions and they are listed below. Any solution?
PHP User Error – yii\base\ErrorException
Exception (Invalid Configuration) 'yii\base\InvalidConfigException' with message 'The directory is not writable by the Web process: /var/www/.../site1/web/assets'
in /var/www/.../site1/vendor/yiisoft/yii2/web/AssetManager.php:168
Permissions:-
root#...:/var/www/.../site1# ls -l web
total 48
drwxrwxr-x 9 root root 4096 Mar 20 15:56 assets
drwxr-xr-x 2 root root 4096 Mar 20 15:50 css
root#...:/var/www/.../site1/assets# ls -l
total 8
-rw-r--r-- 1 root root 958 Mar 20 17:24 AppAsset.php
-rw-r--r-- 1 root root 628 Mar 20 17:24 error_log
Even after running this command:-
chmod -R 777 .
total 8
-rwxrwxrwx 1 root root 958 Mar 20 17:24 AppAsset.php
-rwxrwxrwx 1 root root 628 Mar 20 17:24 error_log
I'm still getting same error.
I had same issue few days back.
If this was working earlier and suddenly got this error and stopped working than just restart your PC and check again. Else do the following.
In order to make a directory writable by the webserver you have to set the directory's owner or group to Apache's owner or group and enable the write permission for it. Usually, we set the directory to belong to the Apache group and enable the write permission for the group.
This worked for me.
chgrp apache /path/to/yourdir
chmod g+w /path/to/yourdir
See below:
-rw-r--r-- 1 root root 958 Mar 20 17:24 AppAsset.php
-rw-r--r-- 1 root root 628 Mar 20 17:24 error_log
Try setting all the files within that folder to 777 as well.
I have a php script uploading files to a certain folder, currently they are uploading as a 'psacln' group, so that I can delete the files via FTP. This was all working fine when PHP was running as FastCGI, I had to change PHP to run as Apache Module in order to get a php extension to work. But now I can't delete files via PHP script because permission is denied. I assume because now the group 'Apache' is trying to delete the file that belongs to 'psacln'. How do I allow apache to delete those files?
EDIT: ls -alF
drwxr-xr-x 2 fugitiveink psacln 4096 Nov 13 14:05 92/
drwxr-xr-x 2 fugitiveink psacln 4096 Nov 13 06:57 93/
drwxr-xr-x 2 fugitiveink psacln 4096 Nov 13 14:12 95/
drwxr-xr-x 2 fugitiveink psacln 4096 Dec 21 18:56 96/
drwxr-xr-x 2 fugitiveink psacln 4096 Dec 21 08:30 97/
drwxr-xr-x 2 fugitiveink psacln 4096 Nov 13 14:26 98/
drwxr-xr-x 2 fugitiveink psacln 4096 Nov 13 14:28 99/
I assume that you have shell and root access to this system. If so, you can try adding the apache user (typically apache or www-data) to the /etc/group file.
The proper way to do this is to use usermod, though I typically just edit the file directly.
In short if your apache user is apache, try:
sudo usermod apache --append --groups psacln
This basically gives the apache user access to any files & directories that are owned by the psacln group.
If this doesn't work, post an example of your directory with the file permissions (ls -alF) and we can work from that.
EDIT:
To directly edit the groups file using nano (substitute with whichever editor you're comfortable with):
sudo nano /etc/groups
and find the psacln group and add the apache user:
psacln:x:130:apache
Note that the gid (130) will undoubtedly be different.
Set the permissions on the upload directory to 777 (wrx for all users). Can you still upload new files? If you can, you should be able to delete files.