LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 03-17-2010, 08:27 PM   #1
tommytomato
Member
 
Registered: Nov 2003
Location: Narrogin Western Australia
Distribution: GUI Ubuntu 12.04 - Server 12.04.4 LTS
Posts: 935

Rep: Reputation: 32
www-data


Hi all

I know this question has come up so many time's

any one care to point me to a fix to get this issue fixed, I've reinstalled my system ( Ubuntu 9.10 command line server ) server is next to me on the floor, I use another PC Ubuntu desktop 9.10 to gain access

I have installed a LAMP server with vsftpd, ssh, imagemagick, php5-gd, I'm planning on running on this server Joomla, Wordpress, Gallery, webmin

the only user that has been added is the admin user when you frist install the system, and sudo has not yet been changed, I use sudo for access to root as in sudo apt-get update

All i want to do is use a FTP program like gFTP or a win app on wine called winscp to upload files to /var/www to be able to run my site

So is there any fix to this problem that alot of people seem to be having I would love to know
 
Old 03-17-2010, 08:43 PM   #2
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,242

Rep: Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024
Create a webdev user on the server; use scp (part of ssh pkg) to txmit files from the client to the server on that user eg

client:/home> scp file webdev@server:/home

If you add webdev user to the same group as the owner of var/www/ eg apache then add group write access to that dir path, the webdev user will be able to copy from his home dir to the /var/www. In fact, you should be able to scp direct from the client system to that dir as webdev user.

Don't know if Ubuntu has SELinux service; if so you may(?) have to change the context as well, but let's try the above first.
 
Old 03-17-2010, 08:57 PM   #3
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 248Reputation: 248Reputation: 248
You have apache installed.
Why not make use of that fact and change the directory for the web root. (default site)

As admin, create directories in admins home directory like the following
www
www/html
www/cgi-bin

Make sure they all have permissions of 755

edit /etc/httpd/conf/httpd.conf as root

find the line
Code:
DocumentRoot "/var/www"
and change it to
Code:
DocumentRoot "/home/admin/www/html"
a bit further down you will find
Code:
<Directory "/var/www">
change that to
Code:
<Directory "/home/admin/www/html">

If you want to run cgi scripts go down until you find

Code:
ScriptAlias
and make it like

Code:
ScriptAlias /cgi-bin/ "/home/admin/www/cgi-bin/"
also a bit further down change the <Directory> line to read
Code:
<Directory "/home/admin/www/cgi-bin">
None of the lines you are changing should have # in front of them.

When you've done all those lines, save the file and restart apache.

You can now login over ftp using admin as the user name and whatever admins password is.

It doesn't have to be admin. It can be any user you want to create for the purpose. Just replace admin with the correct user name in the above instructions.

If you want to access the web server by another domain name (separate site) then you have to add a virtual host to httpd.conf with that domain name.
There are examples in the file. The default site is the one that will come up if you don't specify a virtual site.
Technically, every user on the server could have their own web site and domain names.

Last edited by smoker; 03-17-2010 at 09:15 PM.
 
Old 03-17-2010, 09:11 PM   #4
tommytomato
Member
 
Registered: Nov 2003
Location: Narrogin Western Australia
Distribution: GUI Ubuntu 12.04 - Server 12.04.4 LTS
Posts: 935

Original Poster
Rep: Reputation: 32
Thanks smoker

I don't use cgi myself in fact I never have, I do have subdomains so that wont change any thing will it when i add them in.

Thanks for the tip, that sounds alot easier to do.

TT ( karl )
 
Old 03-17-2010, 09:25 PM   #5
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 248Reputation: 248Reputation: 248
sub domains can be done as virtual hosts.

Example virtual host section in httpd.conf
Code:
<VirtualHost *:80>

        ServerName sub.domain.com
        ServerAdmin me@domain.com
        DocumentRoot /home/<username>/www/html
        RewriteEngine on

        <Directory /home/<username>/www/html/>
                Allow from all
                AllowOverride All
                Order allow,deny
        </Directory>

        SetEnv SITE_ROOT /home/<username>
        SetEnv SITE_HTMLROOT /home/<username>/www/html

</VirtualHost>

Last edited by smoker; 03-17-2010 at 09:34 PM.
 
Old 03-18-2010, 06:53 PM   #6
tommytomato
Member
 
Registered: Nov 2003
Location: Narrogin Western Australia
Distribution: GUI Ubuntu 12.04 - Server 12.04.4 LTS
Posts: 935

Original Poster
Rep: Reputation: 32
Quote:
Originally Posted by smoker View Post
You have apache installed.
Why not make use of that fact and change the directory for the web root. (default site)

As admin, create directories in admins home directory like the following
www
www/html
www/cgi-bin

Make sure they all have permissions of 755

edit /etc/httpd/conf/httpd.conf as root

find the line
Code:
DocumentRoot "/var/www"
and change it to
Code:
DocumentRoot "/home/admin/www/html"
a bit further down you will find
Code:
<Directory "/var/www">
change that to
Code:
<Directory "/home/admin/www/html">

If you want to run cgi scripts go down until you find

Code:
ScriptAlias
and make it like

Code:
ScriptAlias /cgi-bin/ "/home/admin/www/cgi-bin/"
also a bit further down change the <Directory> line to read
Code:
<Directory "/home/admin/www/cgi-bin">
None of the lines you are changing should have # in front of them.

When you've done all those lines, save the file and restart apache.

You can now login over ftp using admin as the user name and whatever admins password is.

It doesn't have to be admin. It can be any user you want to create for the purpose. Just replace admin with the correct user name in the above instructions.

If you want to access the web server by another domain name (separate site) then you have to add a virtual host to httpd.conf with that domain name.
There are examples in the file. The default site is the one that will come up if you don't specify a virtual site.
Technically, every user on the server could have their own web site and domain names.
Hey Smoker, I'm just getting into it now, this path
Code:
/etc/httpd/conf/httpd.conf
is not the same on my system, it's under
Code:
/etc/apache2
the files I would have to edit would be

Code:
/etc/apache2/sites-enabled/000-default
and

Code:
/etc/apache2/sites-available/default
and the same for ssl

Code:
/etc/apache2/sites-available/default-ssl
Will let you know

TT ( karl )
 
Old 03-18-2010, 07:59 PM   #7
tommytomato
Member
 
Registered: Nov 2003
Location: Narrogin Western Australia
Distribution: GUI Ubuntu 12.04 - Server 12.04.4 LTS
Posts: 935

Original Poster
Rep: Reputation: 32
Quote:
Originally Posted by chrism01 View Post
Create a webdev user on the server; use scp (part of ssh pkg) to txmit files from the client to the server on that user eg

client:/home> scp file webdev@server:/home

If you add webdev user to the same group as the owner of var/www/ eg apache then add group write access to that dir path, the webdev user will be able to copy from his home dir to the /var/www. In fact, you should be able to scp direct from the client system to that dir as webdev user.

Don't know if Ubuntu has SELinux service; if so you may(?) have to change the context as well, but let's try the above first.
what do you mean by webdev, I haven't heard of that term before

TT ( karl )
 
Old 03-18-2010, 08:01 PM   #8
tommytomato
Member
 
Registered: Nov 2003
Location: Narrogin Western Australia
Distribution: GUI Ubuntu 12.04 - Server 12.04.4 LTS
Posts: 935

Original Poster
Rep: Reputation: 32
Smoker, it did work, but I now have lost awstats and webalizer as well, I know you have tried to help, but I would rather try and get my user to upload to the original path instead ( /var/www )

TT ( karl )
 
Old 03-18-2010, 08:05 PM   #9
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,242

Rep: Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024
webdev; just a generic made up name for a web development user ie you...

Actually, an acl would be more secure; no need to allow the group to write to those dirs:
Code:
setfacl -m d:u:youruser:rw /var/www
http://linux.die.net/man/1/setfacl

Last edited by chrism01; 03-18-2010 at 08:13 PM.
 
Old 03-18-2010, 08:15 PM   #10
tommytomato
Member
 
Registered: Nov 2003
Location: Narrogin Western Australia
Distribution: GUI Ubuntu 12.04 - Server 12.04.4 LTS
Posts: 935

Original Poster
Rep: Reputation: 32
I see

I've reset apache2 back to /var/www

the group that has that path is www-data and its group is www-data going by details in webmin

My only user which is admin, EG: my nick has the same group as the nick EG: tommytomato

I've tried before to add tommytomato to the www-data group and I wasn't able to write to the directory and tommytomato home directory is /home/username

TT ( karl )
 
Old 03-18-2010, 08:34 PM   #11
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,242

Rep: Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024
Basically, apache installs as someuser:somegroup. This varies on different distros and I don't have Ubuntu.
If you go from a fresh install of apache, you can do

ls -l /var/www

to see what the default ownership & group is. As I said, no need to allow apache to write to those dirs (for security). Add an acl to allow your user to write there.
If you

cat /etc/passwd

you can see current registered users info.
 
Old 03-18-2010, 08:44 PM   #12
tommytomato
Member
 
Registered: Nov 2003
Location: Narrogin Western Australia
Distribution: GUI Ubuntu 12.04 - Server 12.04.4 LTS
Posts: 935

Original Poster
Rep: Reputation: 32
/var/www is owner by root and its group is root too from I can see

Code:
ls -l /var/www
total 8
-rw-r--r-- 1 root root  177 2010-03-17 21:13 index.html
drwxr-xr-x 2 root root 4096 2010-03-19 07:24 webalizer
acl is that like so ? I did try this 2 days ago with NO luck

Quote:
Originally Posted by sayan_acharjee View Post
I mean you need to create an access control list for the user allowing it to to read-write-execute in the directory, I am not talking about the usual chmod driven permission.
Here is how you can do this:
edit the /etc/fstab file in the following manner:

The mount point can be different depending on the way your system is partitioned, if the /var partition is mounted somewhere else then you need to edit that line by putting ,acl option after defaults.
Then remount that partition:


Set the acl:
http://www.linuxquestions.org/questi...952/page2.html

TT ( karl )
 
Old 03-18-2010, 09:02 PM   #13
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,242

Rep: Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024Reputation: 2024
Post #30 on that page shows how to setup the partition for acls; except use the acl format of mine above. It ensures that all files/dirs get acl set (d = default). Read that man page link of mine first.

See also
http://rute.2038bug.com/index.html.gz
http://www.linuxtopia.org/online_boo...ion/index.html - RHEL, but concepts are same as are most cli cmds.
 
Old 03-18-2010, 10:44 PM   #14
tommytomato
Member
 
Registered: Nov 2003
Location: Narrogin Western Australia
Distribution: GUI Ubuntu 12.04 - Server 12.04.4 LTS
Posts: 935

Original Poster
Rep: Reputation: 32
I read that stuff and It don't make alot of sence right now, but I gave it a shot.

I edited the file sudo vim /etc/fstab and I added acl to the line

Code:
UUID=00a855d6-4164-4d31-8f8f-9920870dc190 /               ext4    errors=remount-ro,acl 0       1
then I did
Code:
sudo mount -o remount,acl /
and then
Code:
sudo setfacl -m d:u:tommytomato:rw /var/www
and I still cant write to that folder lol, only tommytomato home directory

TT ( karl )
 
Old 03-18-2010, 11:33 PM   #15
Sayan Acharjee
Member
 
Registered: Feb 2010
Location: Bangalore, India
Distribution: Linux Mint 13
Posts: 590

Rep: Reputation: 64
Are you sure that SELinux is disabled for vsftpd?
 
  


Reply

Tags
gftp, wine


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
www-data execute iptables Legolas891 Linux - Security 2 12-22-2009 03:36 PM
Problem user www-data on ubuntu mosesdel Linux - Server 2 03-31-2009 06:45 PM
www-data password / authorization (newb) helsing Linux - Server 7 04-19-2008 09:51 AM
Why does www-data have /bin/sh as a shell? reverse Debian 2 11-18-2007 07:35 AM
add www-data user restless Linux - Newbie 1 06-01-2004 07:51 AM


All times are GMT -5. The time now is 08:14 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration