I am trying to install RackTables on a Ubuntu Server 13. I have followed all the steps on the documentation. When I get to the step after I connect to the database I cant seem to figure out the ownership settings.
I have set up the database as follows :
mysql -uroot -p
create database racktables;
grant all on racktables.* to root;
grant all on racktables.* to root#localhost;
grant all on racktables.* to rackuser;
grant all on racktables.* to rackuser#localhost;
set password for rackuser#localhost=password('rackpw');
exit
Here is the step that I am stuck on;
RackTables installation: step 4 of 7
Please set ownership (chown) and/or permissions (chmod) of /var/www/racktables/inc/secret.php on the server filesystem as
follows:
The file MUST NOT be writable by the httpd process.
The file MUST be readable by the httpd process.
The file should not be readable by anyone except the httpd process.
The file should not be writable by anyone.
For example, if httpd runs as user "nobody" and group "nogroup",
commands similar to the following may work (though not guaranteed to,
please consider only as an example):
chown nobody:nogroup secret.php; chmod 400 secret.php
I have tried the
chown root:rackuser /var/www/racktables/inc/secret.php
chmod 400 /var/www/racktables/inc/secret.php
I cant figure out how to set up the permissions so that they fall into this category
The file MUST NOT be writable by the httpd process.
The file MUST be readable by the httpd process.
The file should not be readable by anyone except the httpd process.
The file should not be writable by anyone.
Please help. Any suggestion is appreciated
Thank you
First you have to figure out which user and group your web server (Apache/nginx/etc) are running under.
If you're using Apache, you should be able to check by running:
grep -E '^(User|Group)' /etc/apache2/apache2.conf
In Ubuntu, it's common for both user and group to be www-data.
Once you know that, you should be able to change the file's ownership like:
chown [webserveruser]:[webservergroup] /var/www/racktables/inc/secret.php
Example:
chown www-data:www-data /var/www/racktables/inc/secret.php
Keep the chmod the same as you had before.
This should mean it's readable by the www-data user and only the www-data user, writable by nobody (including www-data), which should mean all four of your conditions.
Related
I've done a server, but I'm receiving a bad message when I try to create a php file in "/var/www/html". It says: permission denied.
I've looked for a solution, but I don't want make "myuser" permission like "root" amd I have also read that it is a bad practice.
I've tried, with PHPStorm, to access to the server with SFTP, but in the end I however can't upload a file or create it.
Thank you before!
By default the owner of the files within /var/www/html is the www:data group. All you have to do is add your self to the www-data group.
sudo adduser <username> www-data
sudo chown -R www-data:www-data /var/www
The first line adds you to the www-data group, the second line clears up any files with messed up ownership.
See more about best practices here https://askubuntu.com/questions/46331/how-to-avoid-using-sudo-when-working-in-var-www
Hope this helps!
I'm using CodeIgniter's upload helper and received the above error when trying to upload an image. The permissions for the folder I'm trying to upload to are 755. When I changed it to 777, the error went away, but isn't 777 kind of a security risk?
I'm running on Apache. Is there a better way to allow users to upload files without setting the folder permissions to 777? How can I get 755 to work?
Thanks for the help!
If the folder is for loading files by users than permisision 777 is required.
It's up to you to validate what files are loaded through upload script.
Also you can use .htaccess to alow or not alow certain files to be executed from that directory.
The documentation for upload in codeigniter it's pretty simple and intuitive. Also here you can look at some ways to validate the type of files that are uploaded https://codeigniter.com/userguide3/libraries/file_uploading.html
I don't think so giving any folder on server 777 permission is good. Instead giving 777 permission i suggest make www-data user as owner of desired folder and give 755 permission like below
chown -R www-data:www-data /var/www/html/uploads/
For 755 permission
chmod 755 -R /var/www/html/uploads/
In my NGINX + PHP-FPM installation the issue was solved changing the SElinux parameters from enforcing to permissive:
edit and change options with vi /etc/selinux/config
apply options without restart with sudo setenforce 0
check the status with sestatus.
try this:
sudo chmod 777 -R /path/to/write/folder
I know this is not an active question and may not be an issue for most but because I came across this I wanted to clarify for anyone else that may see this.
You DO NOT need 777 permission on your upload directory. This is actually not a good idea. The last 7 means it is public writable which does not need to be in most cases. Typically 755 should be good enough
More than likely the issue is that the directory is not owned but the user running Apache which is typically www-data
Step by step:
Check owner of dir (i.e.)
ls -l /path/to/upload/
Output should show similar
drwxr-xr-x 4 www-data www-data 4096 Oct 26 20:41 uploads
If not then you should change to www-data if that is the user Apache is running under. To check what user apache is running under :
ps aux | egrep '(apache|httpd)'
This should list something similar:
www-data 419 0.0 0.9 556292 156656 ? S 18:46 0:00 /usr/sbin/apache2 -k start
Hope This Helps!
I know that there are a lot of similar questions, but just hear me out and if this was a silly question and there was nothing new about it, i'll just delete this question.
I'm trying to upload using php, but I get permission denied. So here's what I did to solve it and didn't work:
first of all, this is localhost, so i can't set the owner of the files to apache, because I won't be able to edit them.
So I got the apache user name in php, and it was www-data
I created a new group called 'localhostowners'
I added my own user to this group
I added www-data to the group
when I run
grep -i 'localhostowners' /etc/group
I get
localhostowners:x:1001:mnvoh,www-data
And then I set the file permissions for everything on the localhost dir to 764
and set the owner with this:
sudo chown -R mnvoh:localhostowners localhostdir
But now I can't execute the php scripts hence the 4. although according to what I know, the 6 should be affecting apache, since I set the group on the files. What am I doing wrong here???
Thanks everybody :)
Test with:
sudo chown -R mnvoh:localhostowners localhostdir
sudo chmod 764 -R localhostdir
-R: recursivity
First you should check the permission the file
ls -a
or
ll
and make sure the person who want to execute the file have X permission.
-user-group-other
-rwx rwx rwx
I have a function in PHP language to create an xml file when requested.
if(($file= fopen("./include/catalogo.xml", "w"))==false){echo 'non creo il file'; return false;}
"catalogo.xml" can't be created, permission denied. I know I should try to change permissions, but how can do this if the file doesn't exist? Or, are there things that I ignored?
I think you might be ignoring the permissions of the directory (./include).
I'm assuming you are running this PHP via a web-server and on Linux (like Apache for example) - in which case the user account that is trying to create the file will be 'apache' or 'www-data' (or whatever user your webserver is running under).
On your server - have a look at the permissions of ./include - you need to do one of two things:
a) make ./include world writable (so the 'apache' user can now create a file inside of it).
b) change the owner or group of the ./include to 'apache' so it can create a file inside of it.
Your PHP is fine - it's the permissions of the folder it is trying to create the file inside of that is not.
You have to change the ownership of the directory "include" and set it to the web server's user and set the permission to a reasonable value:
$ sudo chow www-data include
$ sudo chmod 755 include
If you don't know which user your web-server is running by you can open the include dir permissions world-wide:
$ sudo chmod 1777 include
after create the creation of catalogo.xml you check the include diretory:
$ sudo ls -al include
-rwxr-xr-x 1 http web 4096 May 5 15:37 catalogo-xml
Now you can change the ownership of the directory "include" and set it to the web server's user (http) and reset the permission to a reasonable value:
$ sudo chow http include
$ sudo chmod 755 include
See also the manual of chmod, chown and ls:
$ man chmod
$ man chown
$ man ls
If you use the terminal and go to the parent of folder your file will be created in, which is the parent of the include folder and type in the command:
chmod 777 include
This should change the permissions of this folder so you won't receive the permission denied error anymore. If you do try this command:
chmod -R 777 include
I've got DOMPDF 0.5.1 running in a Drupal implementation on my localhost (xampp, windows 7) which generates my Pdf's just fine.
But when i commit this to the live server things go wrong. I get the error: "The font "Futura" contains a bad /BBox"
And all text is displayed as dots.
Any idea what might be going on?
The user who starts your webserver i.e. httpd or apache must have read/write access to the font folder as well, that might cause the problem.
Give your webserver write permission on the path specified in DOMPDF_FONT_DIR (lib/fonts by default). Under *nix, ideally you can make the webserver group the owner of this directory and give the directory group write permissions. For example, on Debian systems, Apache runs as the www-data user:
$ chgrp www-data lib/fonts
$ chmod g+w lib/fonts
If your user is not a member of the www-data group or you do not have root privileges, you can make the directory world writable and set the sticky bit:
$ chmod 1777 lib/fonts
http://code.google.com/p/dompdf/wiki/Installation