I have a deploy BASH script which runs as Jenkins CI job. It runs under the jenkins user. Deploy needs to delete old directory and replace it with new one. But there is a problem. Laravel generates the files like session or cache with chmod 644 as www-data user. It means although Jenkins is in the www-data group he can not delete the generated files cause group has only read permission.
I found something about permissions in Laravel documentation, but it does not work cause it is only for storage/app folder.
The question is is there a way to force Laravel or PHP demon to generate files with required permissions e.g. 664? Hope it is. Thanks for any help.
My straight forward solution is to run endless background script as root which find and deletes required directories every 10 seconds. It runs as nohup so it is still running although I close the terminal.
while true
do
find /var/www -maxdepth 1 -type d -name 'deploy-old-*' -exec rm -rf {} \;
sleep 10
done
The final solution is to set up ACL privileges for parent directory via setfacl command.
setfacl -R -dm "g:www-data:rw" /path/to/dir
This ensures the generated files will inherit the ACL privileges from parent dir.
I am learning PHP at the moment on Linux. I have an Apache2 server running locally. Whenever I tried to save a PHP file into the root directory of Apache2 server ( /var/www/html/), I was told that permission denined.
So, I searched around and found that by default, the admininstartor do not have the root access unless explicitly request for it (like sudo su). I have also seen some posts which ask me to use gksu nautilus. However, my linux 14.04 LTS Ubuntu doesn't comes with it. (I know I can use apt-get gksu but at the moment, downloading it from internet is not an option).
Is there anyway that I can change the permission to my Apache2 server root directoy so that I can use any text editor to save/edit to that directory directly. Only the ways that do not need downloading stuffs from internet are feasiable for me at the moment.
For linux open the terminal with root login then go to the root folder and run the following command chmod 777 following is the example :-
To change all the directories to 777 (-rwxr-rwxr-rwxr):
find /opt/lampp/htdocs -type d -exec chmod 777 {} \;
To change all the files to 644 (-rwxr-rwxr--rwxr--):
find /opt/lampp/htdocs -type f -exec chmod 777 {} \;
If this will not work then try the following :-
Create a new group
groupadd webadmin
Add your users to the group
usermod -a -G webadmin user1
usermod -a -G webadmin user2
Change ownership of the sites directory
chown root:webadmin /var/www/html/
Change permissions of the sites directory
chmod 2775 /var/www/html/ -R
Now anybody can read the files (including the apache user) but only root and webadmin can modify their contents.
Hope this will help you in solving your problem.
You can set the DocumentRoot in your /etc/apache2/httpd.conf file to a place where Apache has write access. For example, you could set it to /tmp/www if you made a directory there. (If you still don't have access, you can always give everyone read access by running chmod a+r /tmp/www, but you should probably be fine.)
Obviously leaving your Apache Document Root as /tmp/www is a bad idea, so you can change it to something like /home/chris once you've got it working.
One important note: after you make a change like this, you must restart the Apache server. This can be done by running apachectl restart; ironically, you might have to have administrator rights in order to execute this (or even edit the config file in the first place), so make sure you prefix your edit & restart with sudo just in case.
I have a ec2 image and get the following error when trying to create a new laravel project.
[ErrorException] mkdir(): Permission denied
Here is the command:
composer create-project laravel/laravel mydir
I can write to the folder with my ec2-user username but do I need to add permission for composer to write?
Quick Answer:
For security reasons, lets keep root as the owner and just allow ourselves to read, write, and execute within the area which we will be working in.
Change directories
cd /var/www/
Change group ownership
sudo chown -Rv root:$USER .
Add priviledges to our group
sudo chmod -Rv g+rw .
For the grand finale, go ahead and create your new laravel project
composer create-project laravel/laravelprojectName--prefer-dist
Congratulations, We're done. :)
In-Depth Explanation
Explanation behind the solution:
By default you have two users; root and $USER(this is the global variable, but the actual name is whatever you put as your username). Every user created comes with a group as well. So if my username is john, I have a group called john.
There are many ways to solve this problem but I perfer this route for a few reasons:
I still want root to be the owner of the files for security reason.
I am working in a localhost so there shouldn't be any other (guest)users writing on my files.
In order to achieve this we will need to edit the group ownership and add the proper permissions. We will leave the others as is and only allow them to read and execute the files.
So lets get started:
I like being in the directory that I am making changes to in order to avoid mistakes so first we will need to enter the the directory which we will be working in.
cd /var/www/
We will need to change the group ownership of the directories which we will be working in. Starting from the directory which we are in and all the future directories and files we will create underneath this directory. So basically any children directories from now on will be own by our group.
sudo chown -Rv root:$USER .
chown = command to change owner.
-R = Recursive - This is basically stating to perform the same command to all the directories within this directory.
-v = verbose - we are stating here to keep us updated by showing us what is actually happening.
root:$USER = This is were we are setting the ownership. The first word before the colon(:) states the root will be the single owner. The second word after the colon(:) states that the group owner will be $USER(the current user).
. = This just means 'here, in this directory'.
Now we are going to add the right privileges to our group. Keep in mind this is where we allow root to be the primary owner while ONLY allowing ourself's to create changes(of course, besides root). As I mentioned before, this does not allow other users to create any changes what so ever.
sudo chmod -Rv g+rw .
chmod = command to change modifications, in this case, privileges.
-Rv = Recursive & Verbose
g = this states who will receive the modifications. In our case g-group Other options are u-user and o-other.
+ = symbolizes add
r = symbolizes read
w = symbolizes write
Now we are done. Try creating a new laravel project.
composer create-project laravel/laravelprojectName` --prefer-dist
Note: If this is not working, enter the command ls -al | grep $USER while inside the /var/www/ directory.
If you get this:
drwxrw-r-x
You are missing the executable(x) privilege for the group. The first x is for the user and last x is for others. There should be middle x for the group.
Run the following command and you should be all set to go:
sudo chmod -Rv g+x .
Now if you run ls -al | grep $USER, you should get:
drwxrwxr-x
add "www" group and add your user to this group
sudo groupadd www
sudo usermod -a -G www ec2-user
logout/login
set ownership and write permissions
sudo chown -R root:www /var/www
sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} +
find /var/www -type f -exec sudo chmod 0664 {} +
Referencing: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/install-LAMP.html
I ran into the similar ErrorException, when creating an additional project inside the Homestead/Vagrant environment.
I had previously added folders and path to the Homestead.yaml.
The answers of Oscar and Jens A. Koch pointed into the right direction, but go too far on my dev-machine.
Working narrower solution inside Homestead-Box:
sudo mkdir <ProjectDir>
sudo chgrp vagrant <ProjectDir>
sudo chmod g+wx <ProjectDir>
composer create-project --prefer-dist laravel/laravel <Project>
The gist of the problem
Installing Laravel inside /var/www/html folder is a common requirement. However, the system defaults usually sets the user and group for this folder and its parent(www) to root And composer will complain if you run it as root.
Solution
Find the user corresponding to your apache/nginx server. It usually has names like www,www-data etc. You can run the below command to get a clue
cat /etc/group | grep www
With the knowledge of the server user(from above), you can run the below commands. I am assuming that your server user is www-data
# Under your user account, change directories
cd /var/www/
# Change group ownership
sudo chown -Rv root:www-data .
# Give all the privileges to the group
sudo chmod -Rv g+rwx .
# Add your user name to www-data group, use 'who' command to get your username
sudo usermod -a -G www-data your_user_name
# Verify that your user name is in the www-data group by typing
group your_user_name
# Very important, logout of the system and come back to this folder
# Do the the laravel install
composer create-project --prefer-dist laravel/laravel projectName
# Not finished yet! recursive make the www-data the group owner of projecName which the folder in which Laravel site resides by now
sudo chown -R :www-data projectName
Make sure that you have read/write folder permission. It works to me.
Like in ubuntu
var/www/html
So if you want to make dir in html folder then first give permission to html folder. Then you are done. Thanks.
This Problem with a Vagrant box
If you tried to install something with composer in a new vagrant box, it is possible that when installing the vagrant you have specified the path you are allowed to use.
So check your personal .yml file in order to check this under
\ansible\vars
there you have something like this
vagrant_local:
vm:
name: oxideshop
hostname: oxideshop.local
aliases:
- www.oxideshop.local
app_shared_folder:
source: oxideshop
target: /var/www/oxideshop
You have to make sure, that the app_shared_folder target is the same you use for the composer installation.
Example:
composer create-project oxid-esales/oxideshop-project
/var/www/oxideshop dev-b-6.1-ce
Make sure that you have read/write folder permission.
LIKE: sudo chown -R USER NAME:www-data /PROJECT PATH/USER NAME/PROJECT NAME/
Example:
$ sudo chown -R tubai:www-data /home/tubai/firstlara/
Run the following commands
cd /var/www
sudo chown -R $USER:www-data html/
sudo chmod -R 775 html/
I had the same problem and executing the command using sudo just worked for me:
sudo composer create-project laravel/laravel mydir
cd to the directory where you currently want to install laravel and change directory access with
sudo chmod -R 777 ./
type your password and you are good to resume to the installation
I have a php script that runs as the user 'codex' and I'm trying to get it to create a new directory to be used as a git repo inside of /home/git/repositories/
I added the codex user to the git group but I must have missed some permissions or something because when I sudo into codex and go to the /home/git/ directory and run mkdir I get a permissions denied error. And of course I get the same error running mkdir in php as well.
I'm running on CentOS 5.9
Any help would be appreciated.
--Vince
Make sure the group has write access (and read and list access while we're at it):
chmod g+rwx /home/git
You might also want to make sure the directory's group is the git group:
chgrp git /home/git
Haven't been able to figure this out yet.. I've seen a few answers around but none of them help.
I'm trying to use Github Webhooks to have github hit a url on my server and have the server pull down newly committed items as soon as that hits. I have a php script with the following:
<?php `git pull git#github.com:my-user/myrepo.git`; ?>
However that script when hit is run as user apache so I tried:
chown -R apache:apache .
and it still has a permission denied error.
So then I tried editing the sudoers file and changing the following:
Host_Alias LOCAL=127.0.0.1
apache LOCAL=NOPASSWD: /var/www/html/git-hook.php
and that still doesn't work.
How can this be accomplished? If I run:
sudo php git-hook.php
it works just fine so nothing is wrong with the code in the php file. I just want that to be automated.
Any ideas?
Edit:
I also forgot to mention. I even created a folder /home/apache/.ssh and copied the public key for the git pull over and same result.
Change your PHP to run git via sudo
<?php `sudo git pull git#github.com:my-user/myrepo.git`; ?>
Then change your suoders to allow git to be run by the apache user
apache ALL = NOPASSWD: /usr/bin/git
There are already Git Wrappers and librarys. Maybe you can try one of them:
https://github.com/kbjr/Git.php and/or http://www.gitphp.org/projects/gitphp/wiki
I did this for a dev site -- i wouldnt advise this for a prd site although i cant think of anything particularly dangerous about it provided the scripts dont take parameters..
I created a php script that does a git pull. In the web browser I navigate to that script and any changes pushed by deisgners etc are automatically deployed.
http://.../gitpullscript/gitpullscript.php
This works by creating a git checkout that the apache user owns. You do this by creating a directory somewhere outside the document root belongs to the apache user (www-data in this case). Then a git clone into that directory, so all the files belong to www-data. afterwards soft link the directories i want into my document root so they can be accessed ni the web browser.
www-data is not in the git group, and the repositories are setup so that everyone can read (but not write).. therefore www-data can pull but not push
in the project heirarchy I created a directory to hold the gitpull script.. I use .htaccess to password protect this dir.
<?php exec('cd /var/www-data/projects/myrepo; git pull');
mkdir /var/www-data
sudo chown www-data-www-data
su www-data
mkdir /var/www-data/projects
cd /var/www-data/projects
git clone my-repo