Permissions and Apache

toothsome · 03-16-2010, 05:53 PM

(Kind of) Linux newbie, and I'm at the point where I usually wreck my installation.

Scenario:

LAMP installed, vsftpd livened up, and accepting connections from my username.

Now, usually I find I can't FTP stuff in, and figure I don't have permission. So I 'chmod 777' my /var/www and everything FTPs in fine. But of course I can't view the website, so I 'chown -R' to root (I know this isn't a good idea, but in an internal environment it's generally got me going).

Anyway, this isn't working for me, and I know isn't good practice - so what am I supposed to be doing exactly?

MS3FGX · 03-16-2010, 05:58 PM

The FTP user you are logging in as should belong to the same group that your /var/www directory belongs to. This would let both Apache and the FTP user have access without giving it up to everyone.

toothsome · 03-16-2010, 06:15 PM

Thanks - so do I need to set this user as the apache user also (or put apache in the same group perhaps)?

MS3FGX · 03-16-2010, 10:32 PM

I would put both the user and Apache itself in their own group, say "web". Only add users to the group that absolutely need access, keep everyone else out.

freelinuxtutorials · 03-16-2010, 11:35 PM

make sure you chroot the user.

toothsome · 03-17-2010, 05:00 AM

Thanks - MS3FGX, how do I put Apache itself into a group?

freelinuxtutorials · 03-17-2010, 05:19 AM

Quote:

Originally Posted by toothsome

Thanks - MS3FGX, how do I put Apache itself into a group?

sample:
1.#groupadd webusers
2.either
edit /etc/group and add apache user on it
webusers:x:502:apache

or

#usermod -G webusers apache

then
chown -R apache:webusers /var/www/html/websample
chmod 760 -R /var/www/html/websample

so all included on the webusers group has access to upload/download and write

you can also consider these good parameters on vsftpd.conf
chown_username
chown_uploads

toothsome · 03-17-2010, 07:34 AM

Thanks - almost there, but still having a permissions issue:

Code:

drwxrw-r--  2 apache.user webusers 4096 2010-03-16 17:35 www
toothsome@ubu2:/var$ cd www
-bash: cd: www: Permission denied

I have done a

Code:

chmod 760 -R /var/www/

and even a

Code:

sudo chmod +g -R /var/www

and checked that my username is in 'webusers' but still no joy. I've also checked via my other test (trying to rename /var/www/index.html via FTP) but this isn't working. What have I missed?

freelinuxtutorials · 03-17-2010, 12:02 PM

problem is you can't ftp right?what's the error?what user do you use to login? and what is the default home directory of the user your using to login to the ftp?

toothsome · 03-17-2010, 12:10 PM

I can FTP fine, and move around the directories but it fails when I try to go from /var into /var/www

I'm using my username - toothsome. I've checked in the 'webusers' group:

Code:

webusers:x:1001:toothsome,apache.user

freelinuxtutorials · 03-17-2010, 12:36 PM

do you use "su - toothsome" when switch user. BTW, changing permission of /var/www is not really recommended . you can set it to default back to 755 with uid and gid as root. recommended is to set the default home directory of your ftp after /var/www/html

toothsome · 03-17-2010, 12:50 PM

When do you mean to use 'su - toothsome'?