Ask Your Question
1

How to set permissions for apache

asked 2017-06-17 17:24:08 -0500

waffel gravatar image

Hi there,

i'm running Fedora 25 and set up apache, mysql and php. It runs just fine. But I have some trouble to set the user permissions right. I want to use Fedora as my desktop environment and write and test php scripts on my local machine. Those scripts don't need to be accessible from the internet. Localhost only.

First i had some trouble to figure out what the problem actually was. But then I figured out that SELinux was blocking my script attempting to write to its own cache directory. I did the following to solve the problem:

sudo chown apache:apache -R /home/dave/www/html/mysite

find . -type f -exec chmod 0644 {} \;
find . -type d -exec chmod 0755 {} \;

sudo chcon -t httpd_sys_content_t /home/dave/www/html/mysite -R
sudo chcon -t httpd_sys_rw_content_t /home/dave/www/html/mysite/cache -R

According to the apache logs, it can now write to the cache folder just fine, but I don't have access to the directory at all. Which I understand because I chown it to apache. What, as a newbie, don't understand is, how I can give read and write access to my personal user and apache.

I read that i can add me to the apache group, as a subgroup. But that didn't work out (nothing changed). And when I do the command "groups" it only shows me "dave wheel". The command "users" shows me only "dave". So those functions don't show me an apache user or an apache group at all.

I'm pretty new to Linux and english is not my main language. So I just hope you understand what my problem is, what I want to archive and that my english is at least understandable.

Thanks for reading.

edit retag flag offensive close merge delete

Comments

Welcome to ask.fedora. Have you logged out and back in since adding yourself to the apache group? I ask, because if memory serves, you need to do this for any changes to your list of groups to take effect.

sideburns gravatar imagesideburns ( 2017-06-17 19:45:41 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
2

answered 2017-06-18 05:36:37 -0500

David-LDA gravatar image

updated 2017-06-18 08:48:49 -0500

florian gravatar image

This is what worked for me in your same situation. I am not sure of your approach, but check this out. All your sites/php applications can now live in the folder 'sites' in your home directory.

mkdir ~/sites

sudo ln -s ~/sites /var/www/html # make symbolic link from the apache web directory to your sites folder

chcon -R unconfined_u:object_r:httpd_sys_rw_content_t:s0 ~/sites # tell SELinux that these files/directories are allowed to be modified by Apache

sudo sed -i "s/User apache/User $USERNAME/g" /etc/httpd/conf/httpd.conf # change the "User apache" string in the config file to "User (the username of the current user)". For a development machine, it's more convenient to run Apache as the current user to simplify permissions problems

Now apache is running as YOU ($USERNAME) rather than 'apache' so permission problems are gone. This may not be the most secure solution, but it's the only one I could get working reliably in the end! This all took a week to work out!!

edit flag offensive delete link more

Comments

Just FYI: I changed your formatting since the ask software is not able to correctly display the _ character (chcon command).

florian gravatar imageflorian ( 2017-06-18 08:49:54 -0500 )edit

Tahnks! Changing the user for apache works perfectly.

waffel gravatar imagewaffel ( 2017-06-23 10:01:14 -0500 )edit

Question Tools

1 follower

Stats

Asked: 2017-06-17 17:24:08 -0500

Seen: 2,721 times

Last updated: Jun 18 '17