How to set permissions for apache

Question

1

How to set permissions for apache

asked 2017-06-17 22:24:08 +0000

waffel
33 ●5

Hi there,

i'm running Fedora 25 and set up apache, mysql and php. It runs just fine. But I have some trouble to set the user permissions right. I want to use Fedora as my desktop environment and write and test php scripts on my local machine. Those scripts don't need to be accessible from the internet. Localhost only.

First i had some trouble to figure out what the problem actually was. But then I figured out that SELinux was blocking my script attempting to write to its own cache directory. I did the following to solve the problem:

sudo chown apache:apache -R /home/dave/www/html/mysite

find . -type f -exec chmod 0644 {} \;
find . -type d -exec chmod 0755 {} \;

sudo chcon -t httpd_sys_content_t /home/dave/www/html/mysite -R
sudo chcon -t httpd_sys_rw_content_t /home/dave/www/html/mysite/cache -R

According to the apache logs, it can now write to the cache folder just fine, but I don't have access to the directory at all. Which I understand because I chown it to apache. What, as a newbie, don't understand is, how I can give read and write access to my personal user and apache.

I read that i can add me to the apache group, as a subgroup. But that didn't work out (nothing changed). And when I do the command "groups" it only shows me "dave wheel". The command "users" shows me only "dave". So those functions don't show me an apache user or an apache group at all.

I'm pretty new to Linux and english is not my main language. So I just hope you understand what my problem is, what I want to archive and that my english is at least understandable.

Thanks for reading.

edit retag flag offensive close merge delete

Comments

Welcome to ask.fedora. Have you logged out and back in since adding yourself to the apache group? I ask, because if memory serves, you need to do this for any changes to your list of groups to take effect.

sideburns ( 2017-06-18 00:45:41 +0000 )edit

Welcome to ask.fedora. Have you logged out and back in since adding yourself to the apache group? I ask, because if memory serves, you need to do this for any changes to your list of groups to take effect.
sideburns ( 2017-06-18 00:45:41 +0000 )edit

Accepted Answer

2

answered 2017-06-18 10:36:37 +0000

David-LDA
314 ●3 ●4 ●17

updated 2017-06-18 13:48:49 +0000

florian
6882 ●48 ●129 ●217

This is what worked for me in your same situation. I am not sure of your approach, but check this out. All your sites/php applications can now live in the folder 'sites' in your home directory.

mkdir ~/sites

sudo ln -s ~/sites /var/www/html # make symbolic link from the apache web directory to your sites folder

chcon -R unconfined_u:object_r:httpd_sys_rw_content_t:s0 ~/sites # tell SELinux that these files/directories are allowed to be modified by Apache

sudo sed -i "s/User apache/User $USERNAME/g" /etc/httpd/conf/httpd.conf # change the "User apache" string in the config file to "User (the username of the current user)". For a development machine, it's more convenient to run Apache as the current user to simplify permissions problems

Now apache is running as YOU ($USERNAME) rather than 'apache' so permission problems are gone. This may not be the most secure solution, but it's the only one I could get working reliably in the end! This all took a week to work out!!

edit flag offensive delete link

Comments

Just FYI: I changed your formatting since the ask software is not able to correctly display the _ character (chcon command).

florian ( 2017-06-18 13:49:54 +0000 )edit

Tahnks! Changing the user for apache works perfectly.

waffel ( 2017-06-23 15:01:14 +0000 )edit

How to set permissions for apache

Comments

1 answer

Comments

Your Answer

Use your votes!

Question Tools

Stats

Related questions