LAMP Permissions & Ownership ?

I ran into some difficulties installing Extensions on Joomla 1.7.2 in my localhost LAMP server. After a lengthy thread at the Joomla forum, they concluded it was a permission/file ownership problem because something was altered on my system. No one there was able to give me any specific guidance about how permissions and file ownership should be set up on localhost.

Since this computer is for learning and development I:

  1. Did a New Install of the OS (openSUSE Linux 11.3) wiping out everything on the computer outside the /home directory
  2. Installed the LAMP package
  3. Enabled Apache2 and MySQL servers in Yast System Services
  4. Installed MySQL Administrator - It shows no connections and is empty except for the basic MySQL schema.
  5. The Apache2 server returns the standard “It Works!” screen when tested by going to http://localhost with a browser

The path to localhost is /srv/www/htdocs. Everything in it is owned by root. To copy anything to it, (such as phpinfo script or Joomla installation files, I must be logged on as root.

How would you recommend I set ownership and permissions so I can install Joomla and develop a demo website as a user instead of as root?

Bear in mind this is on a standalone computer in my office. Everything will change when I publish it to a web hosting service.


If you can only access mysql as root apparently with no passwords, then you have the default mysql installation with root and two anonymous users.

From the mysql command line you need to
SELECT Host, User FROM mysql.user;
to check this.

If there are no passwords set for root, you need to enter
SET PASSWORD FOR ‘root’@‘localhost’ = PASSWORD(‘password’);
where ‘password’ is of couse a password and ‘HOST_NAME’ the hostname for your computer.

You may wish to retain one or more of the anonymous users, in which case you should immediately restrict the privileges they have and set passwords with
SET PASSWORD FOR ’ ‘@localhost' = PASSWORD('password'); SET PASSWORD FOR ' '@HOST_NAME’ = PASSWORD(‘password’);

To delete both anonymous users enter
DELETE FROM mysql.user WHERE User = ’ ';

If you do this, you need to create a ‘guest’ or similar user with restricted privileges for the website. Above all, never let anyone have access as root! It should be possible to create a user with restricted privileges which you use for a lot of routine maintenance.

For more information see info mysql 3.12.2 Securing the Initial MySQL Accounts.

I will set up the users and passwords for MySQL like you advise. That is very helpful for anyone trying to set up a LAMP localhost.

Right now, I am trying to get some advice about what the permissions and ownership should be for the directories and files under /srv should be for localhost use.

In the absence of experienced advice, I will probably change Ownership recursively to jch:users (currently root:root) for the entire /srv folder. (jch is a username on this computer) That will make it possible to work with the files in that directory as a user instead of root.

Does anyone think that will cause problems later on?


What I do is this:

  • Setup mysql and apache2 first, and set them to run at boottime (Yast - Runlevel editor).
  • Extract Joomla package with root permssions, using " su -c ‘command to extract package to /srv/www/htdocs && chown wwwrun /srv/www/htdocs/* && chgrp www /srv/www/htdocs/*’ ". Now owner and group are set correctly.
  • Create an empty “configuration.php” using " su -c ‘touch configuration.php && chown wwwrun configuration.php && chgrp www configuration.php’ " in the /srv/www/htdocs folder.
  • Create a user+database from phpMyAdmin (can be found through Download openSUSE 11.4)
  • Run the Joomla installer by going to " ".

If you’re changing the permissions of the files, and leave the apache2 settings etc. unchanged you will run into permission issues when installing / trying to use Joomla. Don’t, it’s going to do more harm than it could possibly bring good.

If PHP files are not interpreted, make sure you have installed and enabled the Apache2 PHP module. You can do it in YaST.

Thank you so very much.You are the first to give explicit “do” and “don’t” instructions.

Is owner “wwwrun” a generic term for any user (jch, in my case) or is it a new user that I need to set up? I know group “www” is one of the standard groups available when you set up a new user in Yast. Is this what you are talking about?

Again, thank you for the prompt and explicitly informative reply.


wwwrun is the account Apache runs as in SUSE distros.

It’s a teeny bit safer to assign ownership to a different account but then if you go that way you have to ensure that everything to be served is readable by that account. The exception are directories that must be writable by Apache, e.g. uploads, templates: those must be owned by wwwrun. The webapp will indicate which directories must be writable.

So I should do exactly as suggested by Knurpht (always a good idea) and make jch a member of group www?

I hate it when my mind hangs up on simple things like this but it happens. Then I am a pain in the neck to everyone until the light clicks on and a whole new world of understanding appears.

Thank you for your patience and solid advice.


There’s no need to make jch a member of group www, you can use the world permissions to allow wwwrun (Apache) to read the files.

A useful debugging trick is to su - wwwrun, to see if the webfiles are files are readable and the directories searchable. However you will need to change wwwrun’s shell to /bin/sh or /bin/bash temporarily. Don’t forget to change it back to /bin/false after this test.

My localhost LAMP server is running perfectly thanks to the advice I received here.

The posts by john_hudson on setting the passwords on MySQL (Joomla 1.7 requires a password on the MySQL server so you can’t use the default anymore) and Knurpht on file ownership and leaving permissions alone are vital to anyone trying to install a localhost LAMP. ken_yap’s clarifications made setting it up a learning experience instead of just a procedure.

Thank you.