PHP, html, image file permissions? - php

In a typical PHP application what should the file permissions of .php, .html and image files be? I'm using PHP5 with Apache on a Linux box.
Thanks

There is no "typical" situation imo.
In our production systems our file permissions for the entire DocumentRoot are:
-rw-rw-r-- 186 deploy deploy 677 Nov 17 11:32 template.php
They are owned by the deploy user, as that's the user we use to deploy our application in our production environment. They are group writable so that others in the deploy group (sysadmins, developers) can modify them if need be. In a shared system you would probably not have 0664 because you wouldn't want other people reading your files, and you'd probably use 0660 or 0640.

html and images should be read-only to the web server's user
php should be read & execute

Related

Permission problems with Apache on Centos

I've set up a LAMP machine with Centos, apache, MySQL and PHP 7.4.
my user via ssh is mformisano, I'm able to login via SFTP with mformisano and browse folders.
It's an intranet machine, so we are not so severe on restrictions, but, if I type the address into the browser I can execute PHP files, but these files are not able to extract files, create files, etc into the var/www/html folder.
Actually the www folder is:
drwxr-s---. 4 apache apache 31 29 ott 22.34 www
inside:
drwxr-xr-x. 21 root root 4096 29 ott 22.34 ..
drwxr-x---. 2 apache apache 6 19 ott 15.54 cgi-bin
drwxrwxr-x+ 3 apache apache 4096 2 nov 10.49 HTML
If I give permission to mformisano, I can browse via FTP, PHP is executed.
If I give permission to apache:apache I cannot browse, PHP is executed.
If I give permission to mformisano:apache I can browse, PHP is executed.
If I give permission to mformisano:mformisano I can browse, PHP is not executed.
I do need to both browse and execute PHP, so mformisano:apache should be the right way, but when I execute kickstart.php (a WordPress plugin that extracts a .jpa archive) it does not extract and gives me an error about writing permissions.
What am I doing wrong?
The PHP files are going to be parsed by Apache. Typically Apache will be running under the user www-data; in any case, find out what user Apache is running under and give the appropriate permissions to the user that Apache is running as. If you are a single person running the server I would recommend SFTP login as root user, this will give you permissions to modify whatever you want on the server, but remember to change the owner and groups for any files you create as root user before logging out.

PHP Apache Config on linux

I'm using Apache 2 on Linux Mint and I don't know where to store my files and projects. If I store them in var/www, they are not accessible to me; I have to use commands as superuser. Is there any way to solve my problem?
- If I want to store in my home folder, what should I type in the address bar if I want to run my file?
- Are there any other good solutions besides these? (such as changing the access to the folder /var, or changing the Root_Url of Apache ...)
The easiest way to solve this problem is by typing the following line in terminal:
sudo chmod -R 777 /var/www
and then enter your password. And now you are done. You can store all the PHP files in /var/www
You have to do a chmod (you can get more information in your terminal with the command man chmod) to set the rights to write in that folder, or else point the web server elsewhere (the setting is in the https.conf file)
There are different solutions:
create a symlink from /var/www/link to your project and set your project
create a virtualhost with the DocumentRoot to point to your project: http://httpd.apache.org/docs/2.2/vhosts/examples.html
in both cases your project must give permissions to the apache user (www-data?) to read/execute your project
You need to activate the user_dir mod of apache and then run the content from your home folder.
To run a file in your home directory you should go to localhost/~youruser/script.php, of course after enabling user_dir
Everything depends on the use.
If you are looking for a configuration for a development server that is accessible only from limited hosts (such as localhost):
You can configure Apache (/etc/apache2/apache2.conf) to run with your user/group.
User myuser
Group mygroup
Store all your projects in your user_dir (/home/myuser/projects/...)
Create a virtual host for any of your projects
All files generated by your server will be accessible to you and vice versa
One way to accomplish this is to edit the default virtualhost supplied with Apache 2. In Linux Mint 14 its configuration file is located at:
/etc/apache2/sites-enabled/
This directory should hold symlinks for all active sites, for me the default is named 000-default.
Change the lines with "DocumentRoot" and "Directory" to point wherever you like. The server should have read only privileges by default. If you are working on file manipulation then it will need permission to read and write files.
Once this is set, restart the server ("sudo service apache2 restart") and type localhost in your browser to access the directory you've set above.
For more advanced configs have a look at:
http://community.linuxmint.com/tutorial/view/853
http://community.linuxmint.com/tutorial/view/527
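An audit for the permission choices discussed in the threads above (the deploy-owned 0664 files in the first answer, and what a recursive chmod 777 on /var/www leaves behind). This is an added example, not code from any of the posts; the function names and the sample tree are constructed, and the 0775 directory mode is an assumption because the page only states file modes.

```shell
#!/bin/sh
# Added example: audit a DocumentRoot for permissions looser than the
# deploy-owned 0664 layout described on this page.

# Print every file or directory under $1 that is world-writable,
# which is what a recursive chmod 777 produces.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Print every path under $1 owned by user $2 (the account Apache runs as,
# e.g. www-data or apache). The owner of a file can always rewrite it,
# so these are the paths a PHP script run by the server could modify.
owned_by() {
    find "$1" ! -type l -user "$2" -print
}

# Reset a tree to files 0664 and directories 0775. The directory mode is an
# assumption. On a shared host pass 0640 and 0750 as $2 and $3 instead.
reset_modes() {
    root=$1 fmode=${2:-0664} dmode=${3:-0775}
    find "$root" -type d -exec chmod "$dmode" {} +
    find "$root" -type f -exec chmod "$fmode" {} +
}

# Constructed sample tree: one file at 0664 plus a directory and a file
# that have been opened up to 0777.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/images"
    : > "$t/template.php";    chmod 0664 "$t/template.php"
    : > "$t/images/logo.png"; chmod 0777 "$t/images/logo.png"
    chmod 0777 "$t/images"
    printf '%s\n' "$t"
}

# Number of world-writable paths under $1.
count_world_writable() {
    world_writable "$1" | wc -l | tr -d ' '
}
```

Run `world_writable /var/www` and `owned_by /var/www www-data` against a real tree to list what would need tightening before calling `reset_modes`.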

Local host, apache, and Macintosh

Server/port noob here. I just downloaded the latest Apache for my Mac OS X Lion. When I type in http: //localhost/ (no space), it comes up with a web page that says "It works." However, I can't get any other web page to open. I'm trying to get it to read a PHP document for a mobile web application, but it keeps 404ing and saying the document doesn't exist (the only document it has read thus far is the index.html document that says "It works"). I have tried things like http: //local host/User/directoryofthemobileapp/index.php, and all sorts of things like that, then I tried dropping a copy of the mobile app into the folder with the "It works" html doc, and it still failed to recognize it. The path of the "It works" doc is /Library/WebServer/Documents/index.html.en, but this information hasn't helped me yet. I have tried a lot of different URLs to access documents on my Mac, but to no avail.
Thanks in advance! Help is appreciated!
change the contents of index.html.en
put this in it
<?php
phpinfo();
?>
if that works, it should tell you that php is indeed set up correctly and where all your directories are
If you're looking to do some PHP development I recommend setting yourself up with what's known as a MAMP Stack. It stands for Mac, Apache, PHP, MySQL.
There's a great (free) program here that lets you set it all up easily:
http://www.mamp.info/en/index.html
From MAMP's easy interface you can set the Apache document root manually to any location on your Mac so you can start serving files locally.
Once you feel a bit more comfortable with the configuration and the server side technologies, I can't recommend Vagrant enough (http://www.vagrantup.com). It allows you to set up and provision virtual servers. I do all of my PHP development on a LAMP stack and I have total control. It's a great learning experience. Using a provisioning tool like Puppet and Chef you can deploy your development environment on any machine.
The default document root for apache on Mac OSX (Lion + at least) is
/Library/WebServer/Documents/
You will need to put your documents here to be able to access them from a browser or change the apache configuration to point the document root to the appropriate directory on your machine.
You must also make sure that the webserver has permission to read the files you are trying to serve over the internet. For example the following directory structure represents my Mac's /Library/WebServer/Documents/ directory:
-rw-r--r-- 1 root wheel 31958 Jun 20 2012 PoweredByMacOSXLarge.gif
-rw-r--r-- 1 root wheel 3726 Jun 20 2012 PoweredByMacOSX.gif
-rw-r--r-- 1 root wheel 44 Jul 31 13:53 index.html.en
-rw-r--r-- 1 root wheel 44 Jan 7 16:00 index.php
Since apache is running as Root on my machine (bad practice by the way, apache should not be running as a privileged user, however my webserver is not exposed to the internet so there is little risk in my case) it can read all of the files in the directory, and when I point my browser to http:// localhost/index.php I see the contents of index.php:
<?php
echo '<h1>This also works</h1>';
?>

Files written through PHP/Apache don't honor directory setgid bit

Scratching my head on this one, seems so basic.
I've got a PHP based content management system for our website written by a contractor. One feature is the ability to upload images to be displayed in various places on the website (like a product gallery). All such uploaded images are stored in a particular directory called "attachments".
drwxrwsr-x 4 www ftpusers 4096 Oct 10 14:47 attachments
As you can see I've got the setgid bit set on that dir so that any files written will have the group that users (like FTP user) who need access to those files will be able to modify/overwrite them. I've set the umask for Apache so that it will write files as group writable.
When I try this with ANY user in the system by creating a new file in that directory, it correctly inherits the group of the parent. When a new file is created through PHP running in Apache, it always has the apache.apache ownership. Apache seems to be ignoring the setgid bit, which I didn't think it could do as this was done by the file system. Here is one file I uploaded:
-rw-rw-r-- 1 apache apache 30536 Oct 10 14:43 209
I can't test as the apache user directly as it doesn't have a login shell specified (for obvious security reasons).
I can get the same permissions capability by adding the ftpusers group to the apache group, but this doesn't seem wise from a security perspective.
I did find one thing that seemed like it might be related - php safe mode, which I've verified is off in /etc/php.ini, although I'm not positive I found the php.ini file that mod_php in apache is using. The php script is using move_uploaded_file(); as far as I can tell, nothing fancy with permissions is being done in the php code.
My best guess would be that this is an intentional limitation for security, but I can't find anything that seems to indicate that is the case.
Running CentOS 5.6 with Apache 2.2.17 and php 5.2.16.
Anyone have a clue?
When you upload a file it is created in the dir specified by PHP's "upload_tmp_dir" setting. Then move_uploaded_file() moves it to your target dir. It maintains the permissions given to it upon creation and not those of the target directory you move the file to.
So you want the tmp dir to have the permissions you want, basically those you've given to your target dir. Then it will be created with the setgid having effect and the move will keep them.
IIRC "upload_tmp_dir" is not available in .htaccess so if you cannot change this setting or the permissions given to the dir then you will need to do it another way.
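The behaviour described in this answer, reproduced in the shell as an added example that is not part of the original thread: a file created elsewhere and then moved into a setgid directory keeps the metadata it was created with, and one "other way" is to set group and mode explicitly after the move. The directory names, the file name phpA1b2C3 and the private umask are constructed stand-ins for upload_tmp_dir and the upload.

```shell
#!/bin/sh
# Added example: a move (rename) into a setgid directory keeps the file's
# existing metadata. setgid inheritance only applies at creation time.

# Permission string (first 10 characters of ls -l) and numeric gid of a path.
mode_of() { ls -ld  "$1" | cut -c1-10; }
gid_of()  { ls -ldn "$1" | awk '{print $4}'; }

# Constructed stand-ins for upload_tmp_dir and the "attachments" directory.
setup_dirs() {
    w=$(mktemp -d) || return 1
    mkdir "$w/upload_tmp" "$w/attachments"
    chmod 2775 "$w/attachments"      # drwxrwsr-x, as in the question
    printf '%s\n' "$w"
}

# Simulate the upload: create the file in the temp dir under a private
# umask, then move it. Within one filesystem mv is a rename of the same
# inode, so owner, group and mode travel with the file.
simulate_upload() {
    ( umask 077; : > "$1/upload_tmp/phpA1b2C3" )
    mv "$1/upload_tmp/phpA1b2C3" "$1/attachments/209"
}

# After the move, give the file the directory's group plus group
# read/write instead of relying on setgid. chgrp succeeds only when the
# calling user is root or a member of the target group.
adopt_dir_group() {
    dir=$(dirname "$1")
    chgrp "$(gid_of "$dir")" "$1" && chmod g+rw,o+r "$1"
}
```

In a PHP upload handler the corresponding step is a chgrp() and chmod() call on the destination path after move_uploaded_file() returns.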

Why are my file permissions on Apache being reset?

We recently switched from using PCs at work to Macs, so I'm new to the *nix way of doing things. I have the default Apache running that shipped with 10.5, but I've noticed that when I drag files from a Windows server to my machine, the permissions are changed. Specifically, I'm writing data to an XML file, and occasionally after swapping some files back and forth, it stops working.
Can someone help me understand why this is happening and how I can either force Windows to respect the original file permissions (they were set on my machine when I created the file) or apply a less secure set of default permissions when the files are moved from Windows to Mac?
A couple facts to be aware of:
I'm using the Cornerstone Subversion client.
I can use Terminal if you spell it out for me.
Ultimately I'm uploading these files via Transmit to a Linux server in another location.
I'm already familiar with using Get Info to change the file permissions, but maybe I'm doing something wrong.
I'm logged in as root. (I know, bad bad bad.)
I should also mention I know this is a simple question that should have a simple answer, but I've googled up and down without finding it. I need your help.
Thanks.
It would be incredibly helpful if you could drop to the Terminal, use cd to navigate to the folder with the files that don't work because of permissions and then type: ls -l (those are both lowercase Ls back there).
If you start from your home folder, it'll look something like this:
macbookpro:~ artlogic$ cd Sites
macbookpro:Sites artlogic$ ls -l
total 8
drwxr-xr-x 6 artlogic staff 204 Mar 11 2008 images
-rw-r--r-- 1 artlogic staff 2628 Mar 11 2008 index.html
macbookpro:Sites artlogic$
Please paste the output into this thread. Knowing what Apache is changing the permissions to would help.
On a side note, Apache generally runs under a different user and permission level than the logged in user and so if it's somehow creating or overwriting files it may be changing the permissions that way.
