change permissions for /var/www/html
I got a book PHP & MySQL: Novice to Ninja by Kevin Yank. I want to learn a bit about these two topics.
Following the instructions, I installed apache2, mysql and php I run Ubuntu 18.04. I use Bluefish to make files. Trouble is, when I want to save the file in /var/www/html from Bluefish, I can't. I've got to sudo them in. Quote:
Make a group and add myself? Actually, I am the only user on this old laptop. |
Don’t get in the Windows mindset and lessen permissions. Sudo is the correct way to do this.
|
I usually set up a directory under /var/www/html owned by your user with permissions set to 755. Put the content in there.
Set the DocumentRoot to that sub directory. |
Doesn’t the web server process need access to that directory though? How is that accomplished in that scenario?
|
root is the owner of /var/www/html/
root is also the group Can I add myself to group root? Would that allow me read write access when saving from Bluefish? Is that a reasonable way to do this? |
Quote:
The owning user has rw group and others are read...for files: -rw-r—r— for the directory: -rwxr-r-xr-x |
Quote:
|
Quote:
Should I create a user apache and make him the owner of /var/www? Should I make a group apache and add myself to it? Or just make myself the owner of /var/www I just don't know the best way to do this. |
Quote:
It does have a group www-data:x:33: Quote:
|
Quote:
I host more than 70 domains...none of their spaces are owned by the web server user, nor are any of the owning users a member of the web server users group. |
Quote:
Anyway, if there is and will be only one account needing access, the quick way is to chown the directories and documents under /var/www/html/ to whatever single user needs access. Be sure that Apache2 can still read the files through o=r and the directories through o=rx. However, if you have multiple accounts needing write access, then you'll have to add an extra group just for that purpose and work with that. Either way the account and group that Apache2 is in should not be given write access nor should that group get any other accounts added to it. |
The owner:group for the /var/www directory is usually apache:apache. For some reason, the developers at debian/ubuntu decided to change that to www-data:www-data so that is the owner:group you need for that directory on Ubuntu. You can then put other user in the www-data group and you can create sub-directories under /var/www/html with different users/groups.
|
Quote:
By default, the normal owner for the /var/www/ directory is root:root. Even in the Debian derivatives that is so. There does exist an account www-data and a group www-data, but neither are used for the file system. The are only used to keep the httpd processes separate from the rest of the system. Giving the HTTP daemon write access weakens the resliance of the system in regards to attack. Again, the group www-data should not be used for /var/www/ nor should the account www-data be used for /var/www/ except in a few fringe edge cases. For a normal web service, the only thing www-data needs is to be able to read /var/www/ and that can be done with the normal drwxr-xr-x aka 755 directory permissions. |
Quote:
I apologize for any confusion. I still disagree about using groups to manage multiple users in that space however. A snippet of the setup on my server: Code:
# ll /var/www/html We maintain the content on site3 and site4, so those are both owned by us. As all those directories (and the files therein) are "world readable" the web user can serve them. /var/www/html is owned by root:root. |
Quote:
Once you have more than one, the groups come into play. In some file systems, ACLs max out at much less than two dozen accounts, I cannot recall what the limit is for EXT4 though. |
All times are GMT -5. The time now is 04:09 PM. |