LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > CentOS
User Name
Password
CentOS This forum is for the discussion of CentOS Linux. Note: This forum does not have any official participation.

Notices


Reply
  Search this Thread
Old 12-28-2017, 06:26 AM   #1
mwx
Member
 
Registered: Jan 2009
Location: Virginia, USA
Distribution: CentOS - Ubuntu
Posts: 61

Rep: Reputation: 0
Permissions on a new LAMP stack on Centos 7 - Default PHP handler maybe?


I've got a new LAMP setup on a physical server running Centos 7. PHP 5.4.16 - Apache 2.4.6

With my Wordpress installs the app is not allowed to update, create folders, upload or write to .htaccess without opening permissions up to 777 for the various directories it's trying to write to. None of the "recommended" file and folder permissions come even close to allowing the intended functionality.

I've gone through the steps with SELinux to allow the writes and given what the troubleshooter is telling me - SELinux is no longer an issue. To confirm I even set it to permissive and pushed up the permissions until things started working.

After reading a bit I'm starting to believe that the default PHP handler Apache is using is what it forcing this to happen - and that (all performance reasons aside) running suPHP or FastCGI will allow the the files to be written by the system user/owner rather than giving ownership of all files and folders over to the web server - in this case Apache.

Is this right? Am I headed in the right direction? Somewhere - there is something which will allow me to get the CMS to be able to do what it wants to do without me having to swing open the gates and make everything world writable.

Thanks.
 
Old 12-28-2017, 07:03 AM   #2
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3166Reputation: 3166Reputation: 3166Reputation: 3166Reputation: 3166Reputation: 3166Reputation: 3166Reputation: 3166Reputation: 3166Reputation: 3166Reputation: 3166
The Apache process or the FastCGI processes (as the case may be) run as users who can be given permission – through ordinary Linux permission-masks, AppArmor or SELinux (as the case may be) – to write to certain directories and files. They should never be given permission to update ".htaccess" files, nor to any of the programming which they run. "Served content" should be stored in database tables to which, ideally, they have only read-only access.

In the rare instances where I had to deploy a WordPress, I deployed two WordPresses, two of everything, and set up one of these as the "administrative site," accessible only through OpenVPN. The public-facing site couldn't write to (most of) its own tables, nor to any of its files. To modify the site in any way, you had to use the administrative instance. This site was periodically attacked, of course, but it was incapable of doing anything to itself, so all of the attacks failed.

Since then, I don't use WordPress anymore. There are far better CMS tool-kits available, say for frameworks like Django.
 
Old 12-28-2017, 07:17 AM   #3
mwx
Member
 
Registered: Jan 2009
Location: Virginia, USA
Distribution: CentOS - Ubuntu
Posts: 61

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by sundialsvcs View Post
There are far better CMS tool-kits available, say for frameworks like Django.
Heading in that direction at some point. Still have a lot to learn. I'm not so concerned about WP - I can find another and will eventually move away from it. I'm more concerned with how to get it to function as intended without rolling out the welcome mat to the rest of the world. That's the learning part of the process for the moment. I'll be happy to move on once I know and understand what's making it fail.

"I want to see it work on a person. I want to see it work on a negative before I provide you with the positive." - Tyrell
 
Old 12-28-2017, 04:50 PM   #4
mwx
Member
 
Registered: Jan 2009
Location: Virginia, USA
Distribution: CentOS - Ubuntu
Posts: 61

Original Poster
Rep: Reputation: 0
I was able to get everything up and running with standard permissions after adding and integrating PHP-FPM - however - it requires Apache be the owner of all of the files and folders.. Not a big fan of that. Just have to keep looking.
 
Old 12-29-2017, 10:18 AM   #5
onebuck
Moderator
 
Registered: Jan 2005
Location: Summer Midwest USA, Central Illinois, Winter Central Florida
Distribution: SlackwareŽ
Posts: 13,097
Blog Entries: 28

Rep: Reputation: 2319Reputation: 2319Reputation: 2319Reputation: 2319Reputation: 2319Reputation: 2319Reputation: 2319Reputation: 2319Reputation: 2319Reputation: 2319Reputation: 2319
Moderator response

Moved: This thread is more suitable in <CentOS> and has been moved accordingly to help your thread/question get the exposure it deserves.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Install LAMP Stack ( Apache, MariaDB, php, phpMyAdmin) on Fedora 24 LXer Syndicated Linux News 0 07-07-2016 09:20 AM
[SOLVED] How to install Centos 7.1 LAMP Stack jaydul Linux - Newbie 4 11-02-2015 03:30 AM
LXer: How To Install LAMP Stack (Apache, MariaDB And PHP) In Fedora 22 LXer Syndicated Linux News 0 05-28-2015 10:50 PM
LXer: How to install LAMP stack (Apache, MariaDB/MySQL and PHP) on CentOS LXer Syndicated Linux News 0 11-04-2014 09:32 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > CentOS

All times are GMT -5. The time now is 02:17 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration