I'm new to .php and servers and all this craziness (and StackOverflow) but I've downloaded Apache and I'm trying to symlink a PHP code folder to the Apache root directory. My Apache root was var/www/html and my PHP code folder is Documents/PHPStuff. I renamed var/www/html to var/www/html2 and I made a symlink in var/www/ called 'html' which links to Documents/PHPStuff, thinking if I renamed the symlink to the name Apache is looking for then it would work.
It doesn't.
When I try to access my test file in Documents/PHPStuff called 'helloworld2.php' in my browser with 'localhost/helloworld2.php' I get a 403 Forbidden Error.
I've been messing with permissions on the symlink and in the PHPStuff directory, changing them to 777 and stuff but it hasn't worked. I also changed my httpd.conf file by changing FollowSymlinks None to FollowSymlinks All. Nothing has worked yet so this was my last resort.
Try to don't touch your http.conf. Instead, edit files from conf.d path.
To grant access to your home paths, edit your /etc/http/conf.d/userdir.conf to activate user dir option, like:
<IfModule mod_userdir.c>
#UserDir disabled
UserDir public_html
</IfModule>
<Directory "/home/*/public_html">
AllowOverride All
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>
then, restart your apache.
Now, you have to create a directory /home/$USER/public_html and create into it the symlink to your ~/PHPStuff, like
ln -s ~/PHPStuff ~/public_html/PHPStuff
You can move PHPStuff to ~/public_html/ instead create the symlink.
Ensure that your homedir have 711 permissions, public_html have 755 and the dirs and files inside PHPStuff are readable by everyone.
Finally, type into your web browser
http://localhost/~user ('user' is your system username)
and you will see your PHPStuff listed. You can type
http://localhost/~user/PHPStuff
to view the PHPStuff content directly.
Good luck!
You shouldn't need to do all of that.
This is how I set up my symlinks.
When I install apache, it's web directory is located at /var/www/html which doesn't really need to be changed.
Then, I create a folder called public_html, you can call it PHPStuff, doesn't matter. What matters is that the folder is inside your home directory, so /home/your_username/PHPStuff
Then link that directory to /var/www/html
sudo ln -s ~/PHPStuff /var/www/html/$USER
You can then access ~/PHPStuff by going to your browser, and typing:
http://localhost/your_username
Which will give you access to ~/PHPStuff
After you do that, set proper permissions:
sudo chmod -R 777 ~
Then make sure apache allows symlinks by going to /etc/httpd/conf/httpd.conf and editing this portion Directory "/var/www/html"
And make sure you have these:
Options Indexes FollowSymLinks
AllowOverride All
Restart apache and everything will work.
You need to make sure apache has access to the folder that the symlink is pointing to, try running:
chmod a+x /home/your-username /home/your-username/Documents/PHPStuff
Related
I have an new Ubuntu server and I installed Apache and PHP.
I have two domains: example1.com and example2.com.
How can i prevent example1.com PHP scripts from seeing example2.com folders? and viceversa?
I wish example1.com could only read folders inside /var/www/example1.com/ and example2.com could only read folders inside /var/www/example2.com/ .
Even at this moment both example1.come and example2.com can see the contents of the entire disk /var/... /etc/... everything.
How can I correct the situation?
Thanks,
Gabriele
With this simple code I can see all the contents of the disk, even outside the domain folder:
$path = "/"; //or "/etc/" or "/var"
$scandir = scandir($path);
This is the VirtualHost configuration, it is the same for both sites, only the domain name and folder name changes.
<VirtualHost *:80>
DocumentRoot /var/www/example1.it/
ServerName example1.it
ServerAlias www.example1.it
<Directory /var/www/example1.it/>
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
DirectoryIndex index.html index.htm index.php
</Directory>
</VirtualHost>
What you essentially want to do is to remove read/write/execute access to various folders. Apache is the application which parses your php code that you write above, so you should remove read/write/execute permissions from whatever username you have configured apache to run under i.e. www-data. This will prevent apache executing your above php code successfully as it will not have the necessary permissions to access those files/folders.
For security you shouldn't make apache the owner of any files in the /var/www folder. You should create a separate new user (with no shell) for each web app you store in the www-data folder and assign that new user as owner for all files and folders associated with that particular web app. In this way if Apache is compromised all your web apps and associated files are not compromised simultaneously.
Assign www-data as the group for files and sub-folders in /var/www , so that Apache can read and serve your web apps.
Give www-data read and execute permissions permissions for folders, only give www-data read permissions for files. In this way if Apache is compromised none of your files can not be modified by Apache.
//web app 1, set owner and group, do not set www-data as owner !
sudo chown -R web-app-1:www-data /var/www/app1
//web app 1, set appropriate permissions for all sub-folders as detailed previously
sudo find /var/www/app1 -type d -exec chmod 750 {} \;
//web app 1, set appropriate permissions for all files in sub-folders as detailed previously
sudo find /var/www/html/app1 -type f -exec chmod 640 {} \;
I have installed Apache version 2.4.29-1 in Manjaro Linux. The document root is /srv/http where apache properly displays files. But I don't like the idea of coding into the root user's directory of my system, so I want to keep the code in /home/aditya/Prog/PHP
I have set apache to access the directory by adding following lines into /etc/httpd/conf/httpd.conf
<Directory /home/aditya/Prog/PHP>
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Require all granted
Allow from all
</Directory>
Also, I have added a link to this directory in /srv/http
sudo ln -s /home/aditya/Prog/PHP/ PHP #in /srv/http
But when I try to access localhost/PHP, I get
Access forbidden!
You don't have permission to access the requested object. It is either read-protected or not readable by the server.
If you think this is a server error, please contact the webmaster.
Error 403
localhost
Apache/2.4.29 (Unix) PHP/7.2.3
The permissions of /home/aditya/Prog/PHP and the test file inside are
drwxrwxrwx PHP
-rwxrwxrwx test.php
What else do I need to do?
You also need to change the DocumentRoot setting in your httpd.conf file.
Look for DocumentRoot and set the path to /your/path/to/project.
Apache2 site specific config files are kept in /etc/apache2/sites-available/. If you only want to apply config settings for a specific site.
My Linux server is running PHP 7 as a CGI on Apache2. In php.ini I have
error_log = /var/log/apache2/php.log
Now, I have two problems:
1) All PHP errors go to /var/log/apache2/error.log instead of php.log. I have edited the right php.ini because ini_get('error_log') returns the full path of php.log in PHP.
2) When I try to open either of those files in PHP, I get permission denied. I have chmod'd both files to 777, but PHP is still unable to access them.
The server has been restarted multiple times so the configuration changes apply. My Apache configuration is this:
ErrorLog ${APACHE_LOG_DIR}/error.log
ScriptAlias /local-bin /usr/bin
AddHandler application/x-httpd-php7 php
Action application/x-httpd-php7 /local-bin/php-cgi7.0
<Directory "/usr/bin">
Require all granted
AllowOverride All
</Directory>
How can I redirect PHP errors to the right file, and also make it readable for PHP? Thanks in advance!
You need to change the owner and the group of the log directory and the log file/s (if already exist/s) to www-data:
sudo chown -R www-data:www-data /path/to/log/directory
Dont change the directory permissions to 777 as it might cause security issues, use 775 instead. For the log files use 664.
You might also want to add your system user to the group www-data if not already a member (use groups command to check for your existing groups), a system reboot is required after that for the changes to take effect:
sudo adduser user www-data #change 'user' to your
Just backed up a site to my local computer using CPanel.
I unzipped the file then placed it in /var/www.
Now my problem is that when I try to access HTML/PHP files from the public_html folder for the site via a browser (localhost/ndovucard/public_html/modules/contact_us.php), I get the 403 Forbidden Error by Apache2 server, and yes I did sudo chmod 755 /var/www.
Thanks.
There are can be several reasons why you are getting **403 Forbidden Error **
First check out weather you are denying permission to an .htaccess file and
that your apache2 is configured to allow htaccess file overide.
Check out your apache2 sites-available by using this command
in order to make your .htaccess files ( if you have any) work as expected, you need to edit this file:
sudo gedit /etc/apache2/sites-available/default
and then Look for a section that looks like this:
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None // change **`None`** to **`All`**
Order allow,deny
allow from all
# Uncomment this directive is you want to see apache2's
# default start page (in /apache2-default) when you go to /
#RedirectMatch ^/$ /apache2-default/
</Directory>
. You need to reload Apache in order this change to have an effect:
sudo /etc/init.d/apache2 reload
OR
sudo service apache2 restart
If that is not the case, you have have permission set not correctly as you have said .
sudo chmod 775 /var/www/yourProjectFolderHer* -R
Hope that may help
sudo chmod 755 -R /var/www
and show your /var/log/
I have setup apache according to this article
https://help.ubuntu.com/community/ApacheMySQLPHP
and I have created a new site config in /etc/apache2/sites-available/mysite
and changed the document root and directory to :
DocumentRoot /home/gapton/public_html
<Dictory />
..
..
</Directory>
<Directory /home/gapton/public_html/>
...
...
...
...
</Directory>
and I sudo a2dissite default && sudo a2ensite mysite to disable and enable them, restarted apache2 and things are working.
I then setup vsftpd and config the vsftpd.conf file to :
local_enable=YES
write_enable=YES
connect via Notepad++ with the user 'gapton' and I created a file called test.php under home/gapton/public_html. It would not be readable by Apache it seems. I did sudo chmod -R 755 ~/public_html and it would load alright.
However any subsequent files created via vsftpd will not be readable.
Since I have logged in to the only account gapton when connecting via FTP, then any newly created file should be owned by gapton right? What happens when apache tries to access a file/folder location, what credentials does it access it by?
How do I config it so that all files created by gapton can be read by apache? (Also, is it at all advisable?)
Thanks.
I found the problem.
In older version of vsftpd, the umask they apply when writing file was by default 022.
In the current version, such default value has been changed to 077. This mask read 4 write 2 and execute 1 for everyone except the owner.
Changing the umask value in the vsftpd.conf file back to 022 has solved my problem. Hope this help future users of vsftpd facing the same issue.