Sorting file permissions.. failed badly

Okay I need some help to get out of this mess… I tried a million different ways to fix my file permissions.
I’ll just describe what I need as I’m quite sure that whatever I did to the directory is wrong in many ways… and I’m unable to fix it.

I got a /srv/www/htdocs/ dir on which I need (me or anyone else via samba as a guest) user ‘nobody’ to have full rights and the user/group www / wwwrun to have read permissions. (unless I chmod the map to 777, on for example one that’s used to contain thumbnails created trough a php script).

What I got is… not sure, even after chmodding the entire htdocs map 777 I got eclipse spewing errors at me like
checkout -r HEAD --depth=infinity --force
svn: Cannot write to ‘/home/Pascal/Shared/www/RST/.svn/tmp/text-base/gallerij.php.svn-base’: /home/Pascal/Shared/www/RST/.svn/tmp/text-base/gallerij.php.svn-base (Permission denied)
svn: Cannot write to ‘/home/Pascal/Shared/www/RST/.svn/tmp/text-base/gallerij.php.svn-base’: /home/Pascal/Shared/www/RST/.svn/tmp/text-base/gallerij.php.svn-base (Permission denied)

My apogies for the forum spam as this seems to be like the 5th post related to me being a nub.

I believe PHP has an extra layer of protection. There is a path list that tells PHP which directories it is allowed to write to. I think it’s the setting open_basedir, look at the PHP docs for this. It can be set in /etc/php5/apache2/php.ini or on a per Apache virtual host using the php_admin_value option.

it worked before with chmod 777 on a dir( Oh dear lord I wish I had put my www on a different mountpoint as well so it would have survived the 11.1 upgrade… wouldn’t be having problems now then )
And I remember doing this over ftp for gallery scripts and content management systems with autosetups writing the config file.

Don’t forget that the whole path from / must give enough permissions for the apache user. In practice this means directories on the path must have the x bit on.

It’s useful to test access as the target user. You can do this with su - wwwrun then you get a shell for wwwrun. You may have to temporarily give wwwrun a valid shell in /etc/passwd first. Don’t forget to set it back after testing.

Seems like a the whole world against me case in the end…

  • NFS was quitting on me cause my router (which is too blame for many of my network related problems) couldn’t handle an SVN import on this dir while importing all my songs in Amarok2 (over NFS as well). Which resulted in me not being able to connect to the server or something…
  • Eclipse identified itself as something not guest if I tried it via the SMB mount.
  • Some other things I can’t remember cause it was late.

In the end I figured out I actually had things set up properly but there were other causes (such as the above) getting in my way :<

Look at the bright side, you learnt lots of other things on the side. :wink:

A tip for the future. Which will help with upgrades. Change the wwwroot to /home/Pascal/public_html in Yast > network services > http server.
That way it’s easier to manage the permissions and will be saved after an upgrade if you keep /home.
I do this and also make backups of /etc/php5 and /etc/appache2 that way i can restore the settings