My website creates files with owner apache:apache when uploading a file, like this:
drwxr-xr-x 2 apache apache 4096 Aug 28 14:07 .
drwxr-xr-x 9118 apache apache 233472 Aug 28 14:07 ..
-rw-r--r-- 1 apache apache 41550 Aug 28 14:07 468075_large.jpg
-rw-r--r-- 1 apache apache 26532 Aug 28 14:07 468075_medium.jpg
-rw-r--r-- 1 apache apache 50881 Aug 28 14:07 468075_original.jpg
-rw-r--r-- 1 apache apache 4316 Aug 28 14:07 468075_small.jpg
Now I am trying to create a file inside the same folder with the user that owns that domain in Plesk and I get permission denied.
How can I have both apache and shell user with permissions over that files?
Thanks.
You have to create a group and put your Plesk and Apache user in it. Than you have to chmod -R g+rwX on your files.
And set the default umask of your system to 002.
If that shell user is not apache but in the same group, you will need to make the folder group writeable.
chown 755 .
As it is right now it won't allow anyone other than apache to add a folder.
Or, you can try to use php to do fopen?
Thanks for the answers but I finally decided to run a cron job that will open a php script from the website using wget.
That way it's the same apache user that already has access to the files. I did this basically because I've got tons of files, about 300GB of images so it would take a lot I think to apply al the new permissions.
Related
I am trying to self host a PHP script called sngine. (facebook clone)
When trying to install it I get an error:
config.php - Required includes folder to be writable for the installation
when I run ls -l I get this: drwxrwxrwx 5 mbeck mbeck 4096 Aug 25 23:00 includes
I don't know why it is saying that it's not writable.
The script is in var/www/{domain name}/
I am on Apache/2.4.41 (Ubuntu) and PHP version: 7.4.22
EDIT:
I found someone saying to run chown www-data:www-data <directory> So I did, and permissions now return drwxrwxrwx 5 www-data www-data 4096 Aug 25 23:00 includes and the error is still there.
Ok, I found it!
I had to run sudo chown -R www-data /var/www/example.com/mydomain/includes/
Now it works!
I have Ubuntu 16.04 with Apache2 and php7 on it.
I wan't to read some log files with php and print them.
Therefore I do a simple
readfile("/var/log/apache2/access.log");
But that does not work. I get this error:
Warning: readfile(/var/log/apache2/access.log): failed to open stream: Permission denied in /var/www/test.php on line 2
I'm quite sure I've set the permissions right, Apache and php runs as www-data, so I added the user www-data to the groups 'adm' and 'syslog', as these groups have read permissions for the whole file path and the file itself.
Permissions are 640 by default, but only if I set it to 647 for example, the file is readable for php/apache.Even 644 or 646 is not enough.
Why is that? Do I have to change something in the Apache vhost config?
Addition: ls -alp /var/log/apache2
drw-r----- 2 root adm 4096 Oct 25 11:07 ./
drwxr-xr-x 9 root syslog 4096 Oct 25 10:39 ../
-rw-r----- 1 root adm 47861 Oct 25 14:01 access.log
-rw-r----- 1 root adm 12014 Oct 25 14:01 error.log
-rw-r----- 1 root adm 0 Oct 25 10:40 other_vhosts_access.log
Since this is clearly a permissions error, ensure each parent folder leading to access.log definitely have the group set to either adm or syslog.
Each folder leading up to access.log must have at least a group permission of read and execute (g+rx) to allow PHP to descend into each sub-directory.
If I were you, I would change the apache config to write the file to a publicly inaccessible folder in your web root (since the log file is clearly essential in your application). This saves you from modifying system folder permissions which can be dangerous especially in web applications.
I want to open the Moodle's web installer as stated by the document (see step 3). Problem is that, I only see the content of the installer file and not the installer itself! Why such thing happens?
root#qemu:~# ls -l /var/www/html/
total 20
-rw-r--r-- 1 root root 11321 اوت 31 23:35 index.html
drwxr-xr-x 7 mahmood mahmood 4096 سپتام 3 15:42 kar3
drwxr-xr-x 49 www-data www-data 4096 سپتام 15 16:42 moodle
root#qemu:~# which php
/usr/bin/php
root#qemu:~# which php7.0
/usr/bin/php7.0
Your file has .html suffix while PHP files must have .php.
Change to .php and enable PHP on server if not already.
Check here for possible problems.
I know this question is asked a lot, but I can't seem to find the error why my symlinks sometimes aren't working.
I have two folders:
/home/user/domains/example.com/folder1
/home/user/domains/example.com/folder2
These are their permissions:
drwx--x--x 9 root root 4096 May 12 11:15 home
drwx--x--x 7 user access 4096 Feb 9 10:23 user
drwx--x--x 3 user user 4096 May 5 2014 domains
drwx--x--x 12 user user 4096 Jul 7 09:52 example.com
drwxr-xr-x 2 apache apache 4096 Jan 21 09:22 folder1
drwxrwxrwx 4 user user 4096 Jul 9 10:38 folder2
in PHP I create two symlinks:
symlink("/home/user/domains/example.com/folder1","whatever/folder");
symlink("/home/user/domains/example.com/folder2","whatever/folder");
Why is my symlink to folder1 working and my symlink to folder 2 not? I have been looking at it for hours now..
Edit:
Well, as my provider isn't of any help, I'd like to try a different solution: create a symlink and immediately change its owner. This, however, gives me an 'Operation not permitted' error. Any ideas on that?
Assuming the symbolic links were created successfully, folder2 most likely yields a permission error when Apache is configured to only follow symbolic links if the owner matches; you're looking for this specific configuration option:
SymLinksIfOwnerMatch
You could make Apache less rigid by using the following option instead:
FollowSymLinks
Alternatively, fix the ownership of the symbolic link target to make it work.
Try to delete both symlinks then 1) try PHP again and see if it persists and 2) logging in via SSH and create the same links using ln instead, for example
ln -s whatever/folder /home/user/domains/example.com/folder1
If that works, then it is probably a permission issue with the folder you are linking from or into, that the apache server / PHP cannot address
Does whatever/folder have enough permissions?
Remove folder1 and folder2 then Try
symlink("/home/user/domains/example.com/folder1.txt","whatever/folder");
Change the user group of folder2 from user:user to apache:apache
chown -R apache:apache folder2
The reason is because Apache needs the group permissions rather than a normal user.
Overview
I'm using Laravel 4.2 with an image upload feature. I have it set up on Homestead, but recently I removed Nginx and serve the site with Apache instead (due to the need to use Server Sent Events).
Before I moved from Nginx to Apache the file upload functionality worked fine. It also works fine on a staging server with Apache.
The Error
I'm using the Intervention image library to handle image uploads. When I try to upload a file, I get the following in my laravel.log file:
Can't write image data to path (/home/vagrant/projects/projectname/public/assets/pics/profile/photos/f55f0ae2-2d1a-4fdd-b9be-39d8a509baa3.jpg)
What I've Tried
I thought it was just a simple permissions error. I've gone so far as to chmod my asset directories to 0777, change the directory owner to www-data, create a new group called web with www-data and change the owner group to that, (basically everything in this answer and more) and still it doesn't work.
The directory definitely exists, and like I mentioned, it worked before the move to Apache (I'm not entirely sure if it's related but it seems likely).
My /var/log/apache2/error.log is empty, too.
The staging server works fine, but I don't want to encounter the same problem when I provision the production server. I'd like to fix the problem and understand it more so I can fix it if I ever come across it in the future. Why is this happening and what can I do to fix it/debug further?
Example Folder Permissions
drwxr-xr-x 1 vagrant vagrant 272 Jan 26 11:07 assets/pics
drwxr-xr-x 1 vagrant vagrant 170 Jan 26 10:11 assets/pics/defaults
drwxr-xr-x 1 vagrant vagrant 714 Jan 26 14:10 assets/pics/forums
drwxr-xr-x 1 vagrant vagrant 646 Jan 26 14:10 assets/pics/forums/thumbs
drwxr-xr-x 1 vagrant vagrant 170 Jan 20 18:02 assets/pics/gallery
drwxr-xr-x 1 vagrant vagrant 3026 Jan 26 13:24 assets/pics/messages
drwxr-xr-x 1 vagrant vagrant 2992 Jan 26 13:24 assets/pics/messages/thumbs
drwxr-xr-x 1 vagrant vagrant 136 Jan 8 17:27 assets/pics/profile
drwxr-xr-x 1 vagrant vagrant 136 Feb 10 14:48 assets/pics/profile/photos
drwxr-xr-x 1 vagrant vagrant 102 Feb 10 14:51 assets/pics/profile/photos/thumbs
For some reason the owner/group is still vagrant, even when I chown them. I've tried with sudo chown and by doing sudo -s.
Try modifying your Vagrantfile to include this line, before the end of the Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| block:
config.vm.synced_folder "/path/to/laravel/app", "/home/vagrant/projects/projectname", :owner => "www-data", :group => "www-data", :mount_options => ["dmode=775", "fmode=664"]
The string "/path/to/laravel/app" must point to dir you're working on outside the Vagrant machine. This should force the file owner and permissions to be the ones you specify for all the project files (so they're not overridden by vagrant). You'll need to restart the VM after you make the change.
How are you doing your chown? It should be
chown USERNAME GROUP -R /path/to/file