LinuxQuestions.org


xrender 05-07-2006 11:45 AM

Mixing up permissions - hellinux
 
Hi!
Obviously all that I am doing now is a host of mistakes (both in Linux Fedora and English :)). Can somebody tell me the right way (mostly for Linux)?

I have installed Apache virtual host using (for the first time) a path like /home/virtual/mysite/public_html
for html files. Apache worked nicely and I saw index page at mysite.com. Then I decided to add a new user 'mysite' and to set up ftp for the site.
When I got /home/mysite home directory I just copied /home/virtual/mysite/public_html folder to it.

And I found that all the files in /home/mysite/public_html were marked as root property so I couldn't ftp upload, delete, chmod, etc!
(my first question - how can root copy files to a home folder of user so that the user could use them?)

Ok, I changed the folder owner: chown -R mysite /home/mysite

After that I was able to upload all the html files to public_html folder.
But now when I try to reach the site I am getting error message:
"""""""""""""""""""""""""""""
You don't have permission to access /index.html on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
"""""""""""""""""""""""""""""
I found that permissions were set to 600 and changed them being a root: chmod -R 644 /home/mysite/

I see the same error message at present but now ftp does not work and I cannot even login as mysite to /home/mysite directory!
While it is inaccessible for mysite user, still I see on the midnight commander chown page: owner - mysite, group - mysite, permissions 644. All the files inside this folder set 644 as well and belong to mysite and group 'mysite' , only /home/mysite/public_html has owner - mysite, group - root and I cannot change group in the latter case!

My second question: what the hell :Pengy: is going on? Why isn't the mysite folder a home folder of mysite anymore?
Thanks in advance

xrender 05-07-2006 01:59 PM

To simplify -
I added new user mysite2. Logged as this user I made public_html and index.html inside, I didn't use ftp at all. I configured httpd.conf like this:

<VirtualHost xxx.xxx.xx.xx>
ServerName mysite.com
ServerAdmin webmaster@mysite.com
DocumentRoot /home/mysite2/public_html
ErrorLog /home/mysite2/logs/error_log
CustomLog /home/mysite2/logs/access_log common
</VirtualHost>

Site doesn't work
"""""""""""""""""""""""""""""
You don't have permission to access /index.html on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
"""""""""""""""""""""""""""""

On the contrary, when I am root and create /home/virtual/mysite/public_html folder with index.html in it and configure httpd like this:

<VirtualHost xxx.xxx.xx.xx>
ServerName mysite.com
ServerAdmin webmaster@mysite.com
DocumentRoot /home/virtual/mysite/public_html
ErrorLog /home/virtual/mysite/logs/error_log
CustomLog /home/virtual/mysite/logs/access_log common
</VirtualHost>

- it works.

what is wrong with first variant?

btmiller 05-07-2006 03:07 PM

The user Apache runs as (usually apache or www) needs to have permission to read the Web site files. Usually home directories are set up owned by the user whose home directory it is and with 700 permissions, meaning Apache won't be able to see files inside the home directory. You need to make sure that the entire path /home/mysite2/public_html is readable to Apache.

xrender 05-07-2006 05:03 PM

thank you for your reply

Actually, I set /home directory as apache group
and set 640 permissions
No luck.

I found out that my problem is not that rare:

https://secure.experts-exchange.com/...qid%3D21249234

Quote:

The problem you are experiencing is not a problem as such but rather a feature of FC3 called Security enhanced linux.

Try this

ls -Z /dir/where/www/root/will/be

chcon -R -h -t httpd_sys_content_t /dir/where/www/root/will/be

ls -Z /dir/where/www/root/will/be

It will prob be a good idea to turn selinux on again in the /etc/sysconfig/selinux conf file as it makes it so much more secure.

Hope this helps

xrender 05-07-2006 05:11 PM

But even this did not help

I have good sys_content and apache group and 640 permissions for whole /home (by the way, is it secure?), but virtual host doesn't work.

I also disabled SElinux, unfortunately I cannot reboot now, without ticket.

Any ideas what I do wrong?

xrender 05-07-2006 05:14 PM

There is a hint that another solution could exist

http://www.experts-exchange.com/Oper..._21249234.html

One need to pay $$ to know it :twocents:

xrender 05-07-2006 05:29 PM

Finally when I set 770 permissions for /home I got site working. :cool:
But I guess it's unsecure. Is there a more elegant solution? I need to keep html documents in home dirs so that users could upload using vsftpd.

Will kindly appreciate any idea. :)

xrender 05-07-2006 05:42 PM

After chmod 770 /home - - - I cannot ssh as 'mysite' or ftp connect to my /home/mysite. This Linux is a real nuts :mad:

spooon 05-07-2006 10:16 PM

Quote:

Originally Posted by xrender
Finally when I set 770 permissions for /home I got site working. :cool:
But I guess it's unsecure. Is there a more elegant solution? I need to keep html documents in home dirs so that users could upload using vsftpd.

Will kindly appreciate any idea. :)

So first of all you should read about how permissions work for directories. A directory WILL NOT WORK WITHOUT EXECUTE PERMISSION. It is execute permission that allows access to a directory; read permission (which allows listing of the directory) and write permission (which allows creating & deletion of files) are less important. Typically directories are given 755 or 711 permissions.
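The two replies above (the entire path must be usable by Apache, and directories need execute permission) can be checked component by component. The script below is an added example, not part of the original thread: `check_web_path` and its `BASE` argument are hypothetical names, the directory tree is constructed in a temporary directory, and only classic mode bits are inspected (not SELinux contexts), assuming the web server user is neither owner nor group member of the files.

```shell
#!/bin/sh
# Added example. Assumes the web server user is neither owner nor group
# member of the files, so only the "other" permission digit is checked.
# Uses GNU stat (stat -c %a).

# check_web_path PATH [BASE]: inspect each component of PATH below BASE
# (default /). Returns 0 if all pass, 1 if any component blocks access.
check_web_path() {
    base=${2:-}; base=${base%/}
    rest=${1#"$base"/}; cur=$base; rc=0
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -z "$part" ] && continue
        cur="$cur/$part"
        mode=$(stat -c %a "$cur") || return 2
        other=$((mode % 10))
        if [ -d "$cur" ]; then
            need=1; what="x (search)"   # directories need execute to be traversed
        else
            need=4; what="r (read)"     # the file itself needs read
        fi
        if [ $((other & need)) -eq 0 ]; then
            echo "BLOCKED $mode $cur  (other lacks $what)"; rc=1
        else
            echo "ok      $mode $cur"
        fi
    done
    return $rc
}

# Constructed tree that mimics /home/mysite2/public_html from the thread.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/mysite2/public_html"
    echo hello > "$t/home/mysite2/public_html/index.html"
    chmod 755 "$t/home" "$t/home/mysite2/public_html"
    chmod 644 "$t/home/mysite2/public_html/index.html"
    chmod 700 "$t/home/mysite2"     # private home directory: Apache is stopped here
    echo "home directory at 700:"
    check_web_path "$t/home/mysite2/public_html/index.html" "$t" || true
    chmod 711 "$t/home/mysite2"     # search-only for others: path becomes usable
    echo "home directory at 711:"
    check_web_path "$t/home/mysite2/public_html/index.html" "$t" || true
    rm -rf "$t"
}
demo
```

On a live system, `namei -l /home/mysite2/public_html/index.html` lists the same per-component owners and modes.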

xrender 05-08-2006 04:15 AM

spooon, thanks for info about 711.
Do you know how to revert my mistake:
Quote:

chgrp -R apache /home
?
New users don't have access to their own directories, while their permissions are ok. For example, user 'eldo' cannot access his home dir /home/eldo despite the fact that /home/eldo belongs to user eldo and group eldo.

Quote:

[root home]# su eldo
bash: /home/eldo/.bashrc: Permission denied
bash-3.00$
when I try to login:
Quote:

Could not chdir to home directory /home/eldo: Permission denied
-bash: /home/eldo/.bash_profile: Permission denied
-bash-3.00$
I tried
Quote:

chgrp -R root /home
same result when I create a new user :( - no access to home dir

Quote:

Originally Posted by btmiller
You need to make sure that the entire path /home/mysite2/public_html is readable to Apache.

Obviously, I did it wrong.
Could you tell what is a right way?

xrender 05-08-2006 12:37 PM

OK
thanks for your attention :) ,
The solution was root root 755 for /home dir.
As for Apache, it is sufficient to set 711 for dirs and 644 for html/php files.

BTW, can somebody tell how to set stuff uploading with certain permissions - say, 644 for files and 755 for folders?

saitoshi 05-08-2006 12:52 PM

Quote:

Originally Posted by xrender
OK
thanks for your attention :) ,
The solution was root root 755 for /home dir.
As for Apache, it is sufficient to set 711 for dirs and 644 for html/php files.

BTW, can somebody tell how to set stuff uploading with certain permissions - say, 644 for files and 755 for folders?

Hmmm. I'm not sure about doing it via FTP, but with an HTTP upload using PHP, I'm sure you must already know about using the chmod function built into PHP right? Ignore this if it's not applicable. I am a newb after all.

Edit: I figure it is safe to clarify just in case. I'm talking about uploading via a PHP script and trying to chmod the dir to something like 777 or whatnot and then reverting it once the file is uploaded. Probably really really un-secure though.

xrender 05-09-2006 05:22 AM

Actually, PHP is a great thing, but I meant if one can set up the ftp server so that all files and folders were attributed some default permissions upon ftp-uploading. I am a real novice and possibly asking about evident things. I saw many examples of virtualhosts provided by hosting providers where the files get 644 and the folders 755 automatically. I am using vsftpd - could it be that one should use more advanced ftp server?

saitoshi 05-09-2006 05:28 AM

Well, when it comes to FTP software, I'm likely as clueless (or even more clueless) as you, but have you tried finding out what software your examples use?

xrender 05-12-2006 06:13 AM

Finally, there are two misleading things in vsftpd:

first, the file_open_mode option is not included into the default config file and the default is 0666.

MAN PAGE http://vsftpd.beasts.org/vsftpd_conf.html
Quote:

file_open_mode
The permissions with which uploaded files are created. Umasks are applied on top of this value. You may wish to change to 0777 if you want uploaded files to be executable.


Second, the default local_umask in the vsftpd.conf file is local_umask=022 or 077. Not very nicely if to believe that
Quote:

If you want to specify octal values, remember the "0" prefix otherwise the value will be treated as a base 10 integer
. So there should be 4 digits. For example, local_umask=0022.
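How the two man page rules quoted above combine (the umask is applied on top of file_open_mode, and a value without a leading "0" is read as base 10) is shown below as an added example, not part of the original thread. The function names are hypothetical, the config snippets are constructed, the 077 default for local_umask is taken from the vsftpd man page, and the 0777 base mode for directories is an assumption.

```shell
#!/bin/sh
# Added example: work out the mode an upload receives from vsftpd settings.

# to_int VALUE: per the man page, a leading "0" means octal, anything else
# is base 10. Shell arithmetic follows the same convention.
to_int() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;    # accept digits only
        *) echo $(($1)) ;;
    esac
}

# conf_get KEY DEFAULT CONFIG_TEXT: last KEY=value line wins, else DEFAULT.
conf_get() {
    val=$(printf '%s\n' "$3" | sed -n "s/^$1=//p" | tail -n 1)
    echo "${val:-$2}"
}

# upload_mode CONFIG_TEXT: file_open_mode (default 0666) with local_umask
# (default 077) applied on top.
upload_mode() {
    open=$(to_int "$(conf_get file_open_mode 0666 "$1")") || return 1
    mask=$(to_int "$(conf_get local_umask 077 "$1")") || return 1
    printf '%03o\n' $(( open & ~mask & 0777 ))
}

# dir_mode CONFIG_TEXT: assumes new directories start from 0777.
dir_mode() {
    mask=$(to_int "$(conf_get local_umask 077 "$1")") || return 1
    printf '%03o\n' $(( 0777 & ~mask ))
}

# Constructed config snippets.
for conf in 'local_umask=022' 'local_umask=0022' 'local_umask=22' ''; do
    echo "[${conf:-defaults}] files $(upload_mode "$conf"), dirs $(dir_mode "$conf")"
done
```

The third snippet shows the base 10 trap: 22 decimal is 026 octal, so group write is masked as well and uploads come out as 640 instead of 644.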


All times are GMT -5.