www-data

tommytomato · 03-17-2010, 08:27 PM

Hi all

I know this question has come up so many time's

any one care to point me to a fix to get this issue fixed, I've reinstalled my system ( Ubuntu 9.10 command line server ) server is next to me on the floor, I use another PC Ubuntu desktop 9.10 to gain access

I have installed a LAMP server with vsftpd, ssh, imagemagick, php5-gd, I'm planning on running on this server Joomla, Wordpress, Gallery, webmin

the only user that has been added is the admin user when you frist install the system, and sudo has not yet been changed, I use sudo for access to root as in sudo apt-get update

All i want to do is use a FTP program like gFTP or a win app on wine called winscp to upload files to /var/www to be able to run my site

So is there any fix to this problem that alot of people seem to be having I would love to know

chrism01 · 03-17-2010, 08:43 PM

Create a webdev user on the server; use scp (part of ssh pkg) to txmit files from the client to the server on that user eg

client:/home> scp file webdev@server:/home

If you add webdev user to the same group as the owner of var/www/ eg apache then add group write access to that dir path, the webdev user will be able to copy from his home dir to the /var/www. In fact, you should be able to scp direct from the client system to that dir as webdev user.

Don't know if Ubuntu has SELinux service; if so you may(?) have to change the context as well, but let's try the above first.

smoker · 03-17-2010, 08:57 PM

You have apache installed.
Why not make use of that fact and change the directory for the web root. (default site)

As admin, create directories in admins home directory like the following
www
www/html
www/cgi-bin

Make sure they all have permissions of 755

edit /etc/httpd/conf/httpd.conf as root

find the line

Code:

DocumentRoot "/var/www"

and change it to

Code:

DocumentRoot "/home/admin/www/html"

a bit further down you will find

Code:

<Directory "/var/www">

change that to

Code:

<Directory "/home/admin/www/html">

If you want to run cgi scripts go down until you find

Code:

ScriptAlias

and make it like

Code:

ScriptAlias /cgi-bin/ "/home/admin/www/cgi-bin/"

also a bit further down change the <Directory> line to read

Code:

<Directory "/home/admin/www/cgi-bin">

None of the lines you are changing should have # in front of them.

When you've done all those lines, save the file and restart apache.

You can now login over ftp using admin as the user name and whatever admins password is.

It doesn't have to be admin. It can be any user you want to create for the purpose. Just replace admin with the correct user name in the above instructions.

If you want to access the web server by another domain name (separate site) then you have to add a virtual host to httpd.conf with that domain name.
There are examples in the file. The default site is the one that will come up if you don't specify a virtual site.
Technically, every user on the server could have their own web site and domain names.

tommytomato · 03-17-2010, 09:11 PM

Thanks smoker

I don't use cgi myself in fact I never have, I do have subdomains so that wont change any thing will it when i add them in.

Thanks for the tip, that sounds alot easier to do.

TT ( karl )

smoker · 03-17-2010, 09:25 PM

sub domains can be done as virtual hosts.

Example virtual host section in httpd.conf

Code:

<VirtualHost *:80>

        ServerName sub.domain.com
        ServerAdmin me@domain.com
        DocumentRoot /home/<username>/www/html
        RewriteEngine on

        <Directory /home/<username>/www/html/>
                Allow from all
                AllowOverride All
                Order allow,deny
        </Directory>

        SetEnv SITE_ROOT /home/<username>
        SetEnv SITE_HTMLROOT /home/<username>/www/html

</VirtualHost>

tommytomato · 03-18-2010, 06:53 PM

Quote:

Originally Posted by smoker

You have apache installed.
Why not make use of that fact and change the directory for the web root. (default site)

As admin, create directories in admins home directory like the following
www
www/html
www/cgi-bin

Make sure they all have permissions of 755

edit /etc/httpd/conf/httpd.conf as root

find the line

Code:

DocumentRoot "/var/www"

and change it to

Code:

DocumentRoot "/home/admin/www/html"

a bit further down you will find

Code:

<Directory "/var/www">

change that to

Code:

<Directory "/home/admin/www/html">

If you want to run cgi scripts go down until you find

Code:

ScriptAlias

and make it like

Code:

ScriptAlias /cgi-bin/ "/home/admin/www/cgi-bin/"

also a bit further down change the <Directory> line to read

Code:

<Directory "/home/admin/www/cgi-bin">

None of the lines you are changing should have # in front of them.

When you've done all those lines, save the file and restart apache.

You can now login over ftp using admin as the user name and whatever admins password is.

It doesn't have to be admin. It can be any user you want to create for the purpose. Just replace admin with the correct user name in the above instructions.

If you want to access the web server by another domain name (separate site) then you have to add a virtual host to httpd.conf with that domain name.
There are examples in the file. The default site is the one that will come up if you don't specify a virtual site.
Technically, every user on the server could have their own web site and domain names.

Hey Smoker, I'm just getting into it now, this path

Code:

/etc/httpd/conf/httpd.conf

is not the same on my system, it's under

Code:

/etc/apache2

the files I would have to edit would be

Code:

/etc/apache2/sites-enabled/000-default

and

Code:

/etc/apache2/sites-available/default

and the same for ssl

Code:

/etc/apache2/sites-available/default-ssl

Will let you know

TT ( karl )

tommytomato · 03-18-2010, 07:59 PM

Quote:

Originally Posted by chrism01

Create a webdev user on the server; use scp (part of ssh pkg) to txmit files from the client to the server on that user eg

client:/home> scp file webdev@server:/home

If you add webdev user to the same group as the owner of var/www/ eg apache then add group write access to that dir path, the webdev user will be able to copy from his home dir to the /var/www. In fact, you should be able to scp direct from the client system to that dir as webdev user.

Don't know if Ubuntu has SELinux service; if so you may(?) have to change the context as well, but let's try the above first.

what do you mean by webdev, I haven't heard of that term before

TT ( karl )

tommytomato · 03-18-2010, 08:01 PM

Smoker, it did work, but I now have lost awstats and webalizer as well, I know you have tried to help, but I would rather try and get my user to upload to the original path instead ( /var/www )

TT ( karl )

chrism01 · 03-18-2010, 08:05 PM

webdev; just a generic made up name for a web development user ie you...

Actually, an acl would be more secure; no need to allow the group to write to those dirs:

Code:

setfacl -m d:u:youruser:rw /var/www

http://linux.die.net/man/1/setfacl

tommytomato · 03-18-2010, 08:15 PM

I see

I've reset apache2 back to /var/www

the group that has that path is www-data and its group is www-data going by details in webmin

My only user which is admin, EG: my nick has the same group as the nick EG: tommytomato

I've tried before to add tommytomato to the www-data group and I wasn't able to write to the directory and tommytomato home directory is /home/username

TT ( karl )

chrism01 · 03-18-2010, 08:34 PM

Basically, apache installs as someuser:somegroup. This varies on different distros and I don't have Ubuntu.
If you go from a fresh install of apache, you can do

ls -l /var/www

to see what the default ownership & group is. As I said, no need to allow apache to write to those dirs (for security). Add an acl to allow your user to write there.
If you

cat /etc/passwd

you can see current registered users info.

tommytomato · 03-18-2010, 08:44 PM

/var/www is owner by root and its group is root too from I can see

Code:

ls -l /var/www
total 8
-rw-r--r-- 1 root root  177 2010-03-17 21:13 index.html
drwxr-xr-x 2 root root 4096 2010-03-19 07:24 webalizer

acl is that like so ? I did try this 2 days ago with NO luck

Quote:

Originally Posted by sayan_acharjee

I mean you need to create an access control list for the user allowing it to to read-write-execute in the directory, I am not talking about the usual chmod driven permission.
Here is how you can do this:
edit the /etc/fstab file in the following manner:

The mount point can be different depending on the way your system is partitioned, if the /var partition is mounted somewhere else then you need to edit that line by putting ,acl option after defaults.
Then remount that partition:

Set the acl:

http://www.linuxquestions.org/questi...952/page2.html

TT ( karl )

chrism01 · 03-18-2010, 09:02 PM

Post #30 on that page shows how to setup the partition for acls; except use the acl format of mine above. It ensures that all files/dirs get acl set (d = default). Read that man page link of mine first.

See also
http://rute.2038bug.com/index.html.gz
http://www.linuxtopia.org/online_boo...ion/index.html - RHEL, but concepts are same as are most cli cmds.

tommytomato · 03-18-2010, 10:44 PM

I read that stuff and It don't make alot of sence right now, but I gave it a shot.

I edited the file sudo vim /etc/fstab and I added acl to the line

Code:

UUID=00a855d6-4164-4d31-8f8f-9920870dc190 /               ext4    errors=remount-ro,acl 0       1

then I did

Code:

sudo mount -o remount,acl /

and then

Code:

sudo setfacl -m d:u:tommytomato:rw /var/www

and I still cant write to that folder lol, only tommytomato home directory

TT ( karl )

Sayan Acharjee · 03-18-2010, 11:33 PM

Are you sure that SELinux is disabled for vsftpd?