- 12-15-2006 #1
newb Apache question - setting permissions on /var/www
Am setting up a new web server, and am having an awful time setting up the right file permissions on /var/www where web pages are stored.
The directory was originally set up with the owner root, with group root. I created a "web" unix account which I would use as my ftp account, and gave it the home directory of /var/www
With the directory owned as root/root, I couldn't write to the directory. So, I changed ownership on the directory to my web ftp account, with group web that I created.
Now, I can write to the directory, but all of the files written to the /var/www directory are showing up as 403/forbidden when viewed in a web browser.
Soooooooooo ... I'm guessing I've majorly messed up setting up the right permissions on /var/www
Could you help me with the following:
1. What should I put as the owner and group for the directory?
2. What are the right permissions for /var/www so that everyone can view web pages?
3. How would I go about setting those permissions? I know that the chmod command is involved, but I'm still new, and am a little unsure as to how to issue this command.
As always, your help and replies are very much appreciated.
- 12-15-2006 #2
You've probably got mixed up between filesystem permissions and the permissions that Apache gives web browsers file access through.
You should set your /var/www directory permissions to 755 and it should be UID root and GID root, i.e.:
drwxr-xr-x 2 root root 4096 <date> www
<Directory />
    AllowOverride none
    Order Deny,Allow
    Deny from all
</Directory>

<Directory "/var/www/html">
    Options Indexes FollowSymLinks -MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
- 12-15-2006 #3
Thanks so much for your reply. Your suggestions were just what I needed to get me in the right direction! The web site is coming up now, AND my FTP account works too, so I'm a happy camper!
Thanks again for the help.
- 12-18-2006 #4
I'm still having a problem - thought it was fixed, but now things aren't working again.
Here's my setup:
1. I'm using vsftpd, and I have local users set to "yes", and created a local unix account entitled "web", and the user "web" is in the root group.
2. On /var/www, I set my permissions as stated above in the previous post
3. What I don't understand is how my FTP account is granted access to the /var/www directory. When I created the user account for "web", I gave it the home directory /var/www so that it would go right to this directory upon logging in. If I try to upload or change any files, I get permission denied or unable to create file error messages. I can't upload anything.
4. I have tried changing /var/www to read/write for both user and group, thinking that the root group could do read/write. That won't work either!
5. If I change /var/www to "web" as the owner, and root as the group, then I have full access to the directory and can read/write. BUT ... when I try to view what I've uploaded, I get "forbidden" messages. If I go to /var/www and look at individual file permissions, everything is set to owner rw, and everyone else is forbidden.
I don't think my Apache setup is the problem here - that seems to be working fine. What I want to figure out is how to get my FTP server and account set up properly so that my "web" user can add/change/delete, and still provide read access to Internet users so that they can view web pages?
I would appreciate your continued help. Many thanks!
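Added example, not part of the original thread: a small shell check for the 403 symptom described above. It walks from the document root down to a file and reports the first component that the "other" permission class cannot pass. It assumes GNU `stat` and that the web server user is neither the owner nor in the group of the files; the function names and the temporary demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (Linux) and that the
# web server user is neither owner nor group member, so "other" bits decide.

# other_bits PATH: print the "other" permission digit (0-7) of PATH.
other_bits() {
    mode=$(stat -c '%a' "$1") || return 2
    printf '%s\n' "${mode#"${mode%?}"}"
}

# first_block DOCROOT RELPATH: walk from DOCROOT down to RELPATH and print the
# first component "other" cannot pass, or "ok". Returns 0 ok, 1 blocked.
first_block() {
    cur=$1
    rest=$2
    while :; do
        bits=$(other_bits "$cur") || { echo "missing: $cur"; return 2; }
        # Directories need search (x=1) to be traversed; files need read (r=4).
        if [ -d "$cur" ]; then need=1; else need=4; fi
        if [ $(( bits & need )) -eq 0 ]; then
            echo "blocked: $cur"
            return 1
        fi
        if [ -z "$rest" ]; then break; fi
        next=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        cur=$cur/$next
    done
    echo ok
}

# Constructed demo tree in a temp directory (hypothetical names).
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/site"
    chmod 755 "$root" "$root/site"
    # Simulate an upload under umask 077: the file is created mode 600.
    ( umask 077; echo hello > "$root/site/index.html" )
    first_block "$root" site/index.html || true   # blocked: .../index.html
    chmod 644 "$root/site/index.html"
    first_block "$root" site/index.html || true   # ok
    rm -rf "$root"
}
demo
```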
- 12-19-2006 #5
I know very little about vsftp, I'm afraid. All I can suggest is that you take a look at the vsftp config files; it could be that as the directory is owned by the root user, it's inhibiting the permissions in some way.
Have you tried setting the directory user and group ownership to 'httpd' or 'apache' (depending on what your apache user is called) and adding the 'web' user to that group? You may only need to set the group ownership for this directory, but you could try both UID and GID, and just GID on its own.
You could also try ssh to log in rather than ftp, you get a proper command shell then. You can 'scp' to copy files in and out securely.
As a side note, there are security issues with making a local user a part of the root group. It's generally a very bad idea.
- 03-26-2008 #6
I googled for some ready cut'n'paste solutions for the same situation (I will not name this problem at all), but found nothing so far except this topic and a little unneeded info. So I made my own solution:
1. Create 'empty' user in apache group, with home in www and with no login shell:
    # useradd -p expects an already-encrypted password, so set it with passwd instead
    useradd -M -G apache -d /var/www/html -s /sbin/nologin www_username
    passwd www_username
2. Add group sticky flag to /var/www/html for proper permissions for newly created files:
chmod g+s /var/www/html
3. And finally for security reasons:
echo www_username >> /etc/vsftpd/chroot_list
4. Login via ftp and test
Hope this helps for someone. Cheerz!