Access denied creating Apache website in /var/www
 

I have Ubuntu 20.04.3 in a portable drive. I installed Apache using Install and Configure Apache | Ubuntu. I was able to rename the index.html in /var/www/html and create my own index.html and it is rendered when I browse to localhost.

Then on page three it explains how to create a separate website. The instructions use gci as in /var/www/gci/ but it says we can use any name so I am using whatever. When I try to save an index.html into /var/www/whatever/ I get access denied, I am not the owner (I forget the actual words). The permissions for /var/www/whatever/ appear to me to be the same as for /var/www/html/ but I probably do not know where to look.

The critical commands that the instructions say to use are:

sudo mkdir /var/www/whatever/
cd /var/www/whatever/
nano index.html

Is that enough information for you to suggest something to diagnose the problem?

Yes, step four goes into making a vhost. The instructions are very sparse there, but they cover the gist which is that you copy /etc/apache2/sites-available/000-default.conf to a new file and edit the new file to set permissions for the other directory. Also, you can chown the document root directory if you are the only one using it. If you have several people editing that directory then a little more complicated solution is needed.

As for the vhost configuration, the full reference manual for Apache2 is online: http://httpd.apache.org/docs/2.4/ That is a reference manual, not a tutorial so you'll have to train up to fully benefit from it, but it is well worth doing so.

There you will also find a brief tutorial about Name- and IP-based Virtual Hosts (vhosts) and their configuration. There is also a lookup list for Run-time Configuration Directives. In the list, you can look up Directory, Options, and DocumentRoot to begin with.

Yes I did that. I understand that is necessary for the webiste but I do not understand how it is relevant to saving the HTML into index.html. Okay, now I remember something. I initially was able to create an index.html in a directory and I created the conf file as instructed but then it was not able to show the page. Then I noticed that the index.html file had the same permissions as the folder yet for /var/www/html the index.html did not have the same permissions. So I messed something up somewhere.

Yes it is just for me. Initially I will just install WordPress and one or more plugins for it but this is for learning purposes for developing my own websites to be developed locally and deployed elsewhere. I did try chown but I will try some more tomorrow and report details. The problem I had is that chown would not work, with sudo, because I am not the owner of the directory. What is confusing for me is that I am able to rename and create files in /var/www/html yet the permissions seem to be the same.

I am switching between Windows and Ubuntu and I must remember to carry my password for this site over to Ubuntu so I can update this thread from Ubuntu.

Ah. The filesystem permissions need to be tuned to your use case. The Apache2 vhost configuration files only determine where the web server looks for files. But in order to be able read, write, and edit the files, your account has to have permission. If you are the only person using that server, then just change ownership for the directory in question:

If you are going to have multiple people with different accounts editing, then the solution for EXT file systems is a little more complex.

PS. Can I suggest a static site generator like Hugo or one of the others instead of WordPress?

I don't want to muddy the waters, but I slightly disagree with the advice given by Turbocapitalist. They are 100% correct that if you are the ONLY person doing something, that would solve your problem. However, the 'best practices' way would be to add yourself to the group that Apache is running under. If you look at the process (ps -ef | egrep -i "apache|www") you'll see the name. Add your user to the appropriate group (could be something like wwwrun, apache, etc.), and log out/back in.

Set the docroot directory to be 764 (chmod -R 764 /var/www/whatever), and you should be good. Permissions can be set very granular, and this lets you read/write to the directories/files in question, but need explicit root permissions to do something more serious. There are MANY guies on setting up Apache on Ubuntu...you seem to have followed the most basic, without looking any further.
https://www.tecmint.com/install-apac...-ubuntu-20-04/
https://www.tecmint.com/install-apac...-ubuntu-20-04/

...since you've not allowed things through your firewall, opened any ports, or seemingly looked at the permissions. Because this:
...is plain wrong. Bolded a line in what you posted for emphasis. Sudo gives you elevated privileges, same as root...and root will be able to modify/change/delete ANYTHING on the system, so if you got these results, you did something very wrong. Also, you don't actually tell us what the permissions are on the directories in question, or what you've done up until this point...hard to diagnose an issue when you're not giving the necessary details. And having permissions to one folder (like /var/www/html) is *NOT* the same as having permissions to /var/www/html/vhosts (or whatever sub-folder is present).

Be careful in providing untested advice to users. These permissions will not allow ANYONE except the owner to see/access/write files in that directory. The execute bit MUST be set for your user before you can even do a simple command such as 'cd' into that directory or from within that directory to subdirectories, etc.

This was a test I just did on my system using your permissions.
Directories must have the execute bit set before a user can do ANYTHING within or below that directory.

Thank you for your time. The problem was just a stupid mistake.

Initially I want to set up a real estate website for a friend. I might develop something of my own eventually but for now there are a few WordPress real estate plugins that appear good enough to get him started. I intend to create some demos locally before choosing one to be hosted elsewhere.


I really understand about best practices and stuff like that. I also get irritated when people do things that work when they do it but they are fragile. Best practices are very important when there are multiple developers. I understand that it helps others that want to help if things are done in documented ways and/or are best practices.

Yeah I did something really stupid.

I understand. I really understand about providing details. In other forums I have been attempting to help others in other forums. I have seen many hundreds of vague questions. One problem is that I switch between Windows and Ubuntu but that will be less of a problem in the future.

What I have done is to set the permissions for the file to be the same as what the permissions were for the /var/www/html/index.html that was installed (by Apache I presume). I will make this post for now and try to make another post with details of the permissions that I now have.

Nice. Then you both are going to edit the same files and so you would need to set the DocumentRoot directory to allow write access by multiple accounts from the beginning and a simple chown is not enough.

Access like that is a little convoluted on the EXT series of file systems. So for EXT4, which is the default for most distros, it involves some extra steps to share write access between several accounts. The web server runs as under a separate account for the purpose of least privilege / privilege separation and for static pages, the web server account only needs (and should only have) read access, specifically o=rx for directories and o=r for files. If you are setting up WordPress, then that counts as an additional account and it will need write access to specific directories and files. But worry about that later, after you have the static pages demo going. With WordPress,

Again I'd recommend consideration of a static site generator as a choice among your demos if you're not going to use some of the functions which actually require a full CMS. WordPress is quite popular but requires a lot of attention, such as basic maintenance, because the default is to transfer updates unsigned over FTP (which I see as effectively a backdoor) or else do the WordPress updates by hand. Add to that comment moderation if you allow visitors to post comments on the site. On a popular site it can be almost a full-time job to delete spam quickly. Static site generators provide bells and whistles for the site's maintainer but publishes the result to the public as static HTML. That gives most of the advantages of a full CMS for those editing the pages, but without as many moving parts. K.I.S.S: if it's not there, it can't break. Static site generators include Hugo, Pelican, Jekyll, Publish, Lektor, Cactus, Nikola, and many more.

tldr; I ask, what functionality you need out of your demo site(s) ?

I believe you it is something I will need to know about later. I am familiar with least privilege and I understand the value; I certainly try to do that. Thank you for the preview.

I just want to say before someone else does that that is getting off-topic and I agree that for the benefit of others it is best to limit discussion to a specified topic but I will provide at least a bit here. Gloria Xiao | Your Neighborhood Realtor is the website that my friend used as an example of what he wants. Apparently it uses a WorPress plug-in. That specific plug-in is deprecated and the replacement is temporarily (or permanently) unavailable. So I have been researching alternatives; I have found Easy Property Listings – WordPress plugin | WordPress.org and a couple of other possibilities. Assuming we choose one of them, I will then suggest a hosting service for the permanent site.

Odd...that worked on my system, after adding myself to the appropriate group.

EDIT: computersavvy, I stand corrected. The permissions should be 774, not 764 as I posted initially. Not sure if I wasn't paying attention or it was a typo, but the results are them same, regardless. Good catch.

Wordpress has documentation which explains what permissions each folder should have - I don't have it bookmarked, but it shouldn't be hard to find.