Sign in to follow this  
Followers 0
Seal

Changing DocumentRoot Apache

6 posts in this topic

So I'm using Apache to host a web interface of a program I'm creating. I want PHP to be able to edit files that reside in /usr/fsuite, the directory in which the program runs.

The problem is that I can *read* those files, but PHP is denied *write* access. The only files it has *write* access to are those that reside in /var/www/htdocs.

So, what I did is that I changed the DocumentRoot to /usr/fsuite in httpd.conf. I changed all other references of /var/www/htdocs to /usr/fsuite. I moved the .php files over and restarted Apache. Apache was now using /usr/fsuite as the new DocumentRoot, but it still lacked write access. This is after I chmodded the directory to 777.

So, Apache runs as a user - I created a new user just for it (I named the user "fsuite"). I made it part of the apache user group. I logged in as user "fsuite" to to make sure that it had permission to write into that directory. It did. I edited the httpd.conf to have Apache run as that user, and restarted Apache. I check the list of processes, and confirm that the Apache child processes are running as the new user. They are. Still, PHP reports write access is denied. It is still only allowed in the /var/www/htdocs directory.

What am I missing here? Why does PHP not have permission to write a new file? The user Apache runs as does, and the directory is set to rwxrwxrwx. So why is it it only has write access to the original /var/www/htdocs?

0

Share this post


Link to post
Share on other sites

This may not be a direct solution to your problem, but any time I set up an Apache install with a single user to be controlling the content served by Apache, I usually set the DocumentRoot as the user's home directory. I've avoided a lot of permissions trouble that way.

Are you using the Apache PHP modules? If not, is your PHP implementation also running as the user that's running the Apache process?

EDIT: You may also want to check about PHP's safe_mode_gid. It's apparently used to check file permissions by doing a Group ID check -- so, even if your folder is universally-writable, if the user attempting to write to it isn't of the correct GID, you'll get a permission error. I suppose always having used the user's home as the DocumentRoot has prevented me from encountering this before.

Edited by systems_glitch
0

Share this post


Link to post
Share on other sites

I never came across an error like this before. Maybe try "chown nobody:nobody" to change the ownership to nobody, since you tried changing the write permissions. Just a theory.

0

Share this post


Link to post
Share on other sites
This may not be a direct solution to your problem, but any time I set up an Apache install with a single user to be controlling the content served by Apache, I usually set the DocumentRoot as the user's home directory. I've avoided a lot of permissions trouble that way.

Forgot to say - did that as well. For the user that I created, I set its home directory to be /usr/fsuite as well.

As far as I'm aware, it is running via the Apache PHP Module, but I'll check that out tomorrow. And I'll check out the safe_mode and the chown idea. And I'll see what happens if I run php on its own separately. And if anyone has any more ideas, by all means, please share. BinRev is blocked at work, so the more ideas I can go in with, the better.

Thanks for your input so far guys. :)

Edited by Seal
0

Share this post


Link to post
Share on other sites

Are you sure you changed all the file permissions, not only the directory permissions?

0

Share this post


Link to post
Share on other sites
Are you sure you changed all the file permissions, not only the directory permissions?

Yes I did, and thanks for the input. I figured out what was wrong - the Red Hat machine I was developing on had SE Linux installed and configured. SE Linux can place specific restrictions on certain designated processes, such as httpd. I disabled its oversight on httpd and badabing badaboom, no more permission denied errors.

Thanks all for your help :)

Edited by Seal
0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0