  1. #1
    Just Joined!
    Join Date
    Sep 2006
    Posts
    26

    newb Apache question - setting permissions on /var/www


    Hi everyone:

    Am setting up a new web server, and am having an awful time setting up the right file permission on /var/www where web pages are stored.

    The directory was originally set up with the owner root, with group root. I created a "web" unix account which I would use as my ftp account, and gave it the home directory of /var/www

    With the directory owned as root/root, I couldn't write to the directory. So, I changed ownership on the directory to my web ftp account, with group web that I created.

    Now, I can write to the directory, but all of the files written to the /var/www directory are showing up as 403/forbidden when viewed in a web browser.

    Soooooooooo ... I'm guessing I've majorly messed up setting up the right permissions on /var/www

    Could you help me with the following:

    1. What should I put as the owner and group for the directory?

    2. What are the right permissions for /var/www so that everyone can view web pages?

    3. How would I go about setting those permissions? I know that the chmod command is involved, but I'm still new, and am a little unsure as to how to issue this command.

    As always, your help and replies are very much appreciated.

    Take care,
    Michael

  2. #2
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,903
    You've probably got mixed up between filesystem permissions and the permissions that Apache gives web browsers file access through.

    You should set your /var/www directory permissions to 755 and it should be UID root and GID root, i.e.:
    Code:
    drwxr-xr-x  2  root  root    4096    <date>   www
    Next, fix the permissions that Apache applies in /etc/httpd/conf/httpd.conf. There should be a section in there that begins <Directory>; you should fix it to look maybe like this:
    Code:
    <Directory />
      AllowOverride none
      Order Deny,Allow
      Deny from all
    </Directory>
    Then you can adjust the directory permissions individually like this (some of this should already be in the config file):
    Code:
    <Directory "/var/www/html">
      Options Indexes FollowSymLinks -MultiViews
      AllowOverride None
      Order allow,deny
      Allow from all
    </Directory>
    You can find more detailed help than I can give on the forum with this here: http://httpd.apache.org/docs/trunk/

    HTH
    Linux user #126863 - see http://linuxcounter.net/

  3. #3
    Just Joined!
    Join Date
    Sep 2006
    Posts
    26
    Hello Roxoff:

    Thanks so much for your reply. Your suggestions were just what I needed to get me in the right direction! The web site is coming up now, AND my FTP account works too, so I'm a happy camper!

    Thanks again for the help.

    -Michael

  5. #4
    Just Joined!
    Join Date
    Sep 2006
    Posts
    26

    I'm still having a problem - thought it was fixed, but now things aren't working again.

    Here's my setup:

    1. I'm using vsftpd, and I have local users set to "yes", and created a local unix account entitled "web", and the user "web" is in the root group.

    2. On /var/www, I set my permissions as stated above in the previous post
    (755)

    3. What I don't understand is how my FTP account is granted access to the /var/www directory. When I created the user account for "web", I gave it the home directory /var/www so that it would go right to this directory upon logging in. If I try to upload or change any files, I get permission denied or unable to create file error messages. I can't upload anything.

    4. I have tried changing /var/www to read/write for both user and group, thinking that the root group could do read/write. That won't work either!

    5. If I change /var/www to "web" as the owner, and root as the group, then I have full access to the directory and can read/write. BUT ... when I try to view what I've uploaded, I get "forbidden" messages. If I go to /var/www and look at individual file permissions, everything is set to owner rw, and everyone else is forbidden.

    I don't think my Apache setup is the problem here - that seems to be working fine. What I want to figure out is how to get my FTP server and account set up properly so that my "web" user can add/change/delete, and still provide read access to Internet users so that they can view web pages?

    I would appreciate your continued help. Many thanks!

  6. #5
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,903
    I know very little about vsftp, I'm afraid. All I can suggest is that you take a look at the vsftp config files, it could be that as the directory is owned by the root user, it's inhibiting the permissions in some way.

    Have you tried setting the directory user and group ownership to 'httpd' or 'apache' (depending on what your apache user is called) and adding the 'web' user to that group? You may only need to set the group ownership for this directory, but you could try both UID and GID, and just GID on its own.

    You could also try ssh to log in rather than ftp, you get a proper command shell then. You can 'scp' to copy files in and out securely.

    As a side note, there are security issues with making a local user a part of the root group. It's generally a very bad idea.
    Linux user #126863 - see http://linuxcounter.net/

  7. #6
    Just Joined! rybo's Avatar
    Join Date
    Jun 2006
    Location
    Latvia
    Posts
    12
    I googled for some ready cut'n'paste solutions for the same situation (I will not name this problem at all), but found nothing so far except this topic and a little unneeded info. So I made my own solution:

    1. Create 'empty' user in apache group, with home in www and with no login shell:
    useradd -M -G apache -d /var/www/html -s /sbin/nologin www_username -p password

    2. Add group sticky flag to /var/www/html for proper permissions for newly created files:
    chmod g+s /var/www/html

    3. And finally for security reasons:
    echo www_username >> /etc/vsftpd/chroot_list

    4. Login via ftp and test

    Hope this helps for someone. Cheerz!
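
Added example, not part of any post in this thread: a mode-bit check that reports which component under a web root stops a reader in the "group" or "other" permission class, which is the filesystem side of the 403 described above. vsftpd creates uploads under its `local_umask` (077 by default), which yields owner-only files like those in post #4. The function names are made up for this example, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Mode bits only: ACLs, SELinux and Apache's own access rules are not checked.

# class_bits CLASS PATH -> octal digit for that class (e.g. 5 means r-x)
class_bits() {
    mode=$(stat -c '%a' "$2") || return 2
    case $1 in
        other) echo $(( mode % 10 )) ;;
        group) echo $(( mode / 10 % 10 )) ;;
        *) return 2 ;;
    esac
}

# first_blocker CLASS ROOT RELPATH
# Walks ROOT, then each component of RELPATH. Directories need x (1),
# the final file needs r (4). Prints the first component that fails and
# returns 1; returns 0 if the whole path is usable, 2 on error.
first_blocker() {
    class=$1 cur=$2 rel=$3
    while :; do
        bits=$(class_bits "$class" "$cur") || return 2
        if [ -d "$cur" ]; then need=1; else need=4; fi
        if [ $(( bits & need )) -eq 0 ]; then
            printf '%s\n' "$cur"
            return 1
        fi
        [ -z "$rel" ] && return 0
        cur=$cur/${rel%%/*}
        case $rel in
            */*) rel=${rel#*/} ;;
            *) rel="" ;;
        esac
    done
}

# Constructed demo tree (not the real /var/www): a file written under
# umask 077 is mode 600, so a reader in the "other" class is blocked by it.
demo=$(mktemp -d) && chmod 755 "$demo"
mkdir "$demo/html" && chmod 755 "$demo/html"
( umask 077; echo hello > "$demo/html/up.html" )
echo "other blocked at: $(first_blocker other "$demo" html/up.html)"
chmod 644 "$demo/html/up.html"
first_blocker other "$demo" html/up.html && echo "other can read after chmod 644"
rm -rf "$demo"
```

On a real server the call would be `first_blocker other /var/www html/index.html` when Apache reaches the files as "other", or `first_blocker group ...` when the files belong to the Apache group as in post #6.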
