Yepp, Yet another permissions problem

amwest · June 1, 2010, 2:59pm

Hi all,

I’m running OpenSuse 11.0 in a lamp configuration with Apache 2. I configured Apache with the .conf files instead of YAST because I am running virtual hosts (that’s another story).

My problem is that my server will not render the pages unless the permissions are set to 775 which I know is not necessary. This is also causing a problem because I am trying to install WordPress onto the server. WordPress will run, but it unable to upload images because it cannot create the directories required.

Apache2 is running as 755 with root as owner and www as group.

I changed the owner of the htdocs sub-directories to myself, and created a group that has permissions to write to the directory. WordPress runs as my user and has the same permissions (775).

Thanks.

hcvv · June 1, 2010, 4:40pm

I do not know what you mean with “Apache is running as 755”???

Apache should run:

henk@boven:~> ps -ef|grep apach
root      2749     1  0 12:27 ?        00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun    2750  2749  0 12:27 ?        00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun    2751  2749  0 12:27 ?        00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun    2753  2749  0 12:27 ?        00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun    2754  2749  0 12:27 ?        00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun    2755  2749  0 12:27 ?        00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun    3351  2749  0 12:38 ?        00:00:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
henk      6349  6313  0 16:30 pts/1    00:00:00 grep apach
henk@boven:~>

This means that it starts as root, but that it degrades it work horses to wwwrun:www. This means that where it wants to read files from your system, they must be readable (directories also searchable) by wwwrun. Most simple is of course to make them owned by wwwrun:www and readable (searchable) for the owner. Also mind that the directories in the path to the root of these files (mostly owned by root:root) are readable (and searchable) by the world.

amwest · June 1, 2010, 6:57pm

Thanks for the info. The 755 is the permissions on the /etc/apache2 directory. Root is the owner of that directory, www is the group.

When I execute the grep with conditions as you did I get the same results:

root 2297 1 0 09:12 ? 00:00:00 /usr/sbin/httpd2 -f /etc/apache2/httpd.conf -k start
wwwrun 3042 2297 0 11:39 ? 00:00:00 /usr/sbin/httpd2 -f /etc/apache2/httpd.conf -k start
wwwrun 3054 2297 0 11:44 ? 00:00:00 /usr/sbin/httpd2 -f /etc/apache2/httpd.conf -k start
wwwrun 3114 2297 0 11:49 ? 00:00:00 /usr/sbin/httpd2 -f /etc/apache2/httpd.conf -k start
wwwrun 3384 2297 0 12:45 ? 00:00:00 /usr/sbin/httpd2 -f /etc/apache2/httpd.conf -k start
wwwrun 3385 2297 0 12:45 ? 00:00:00 /usr/sbin/httpd2 -f /etc/apache2/httpd.conf -k start
wwwrun 3388 2297 0 12:46 ? 00:00:00 /usr/sbin/httpd2 -f /etc/apache2/httpd.conf -k start
wwwrun 3389 2297 0 12:46 ? 00:00:00 /usr/sbin/httpd2 -f /etc/apache2/httpd.conf -k start
wwwrun 3394 2297 0 12:46 ? 00:00:00 /usr/sbin/httpd2 -f /etc/apache2/httpd.conf -k start
wwwrun 3402 2297 0 12:47 ? 00:00:00 /usr/sbin/httpd2 -f /etc/apache2/httpd.conf -k start
wwwrun 3403 2297 0 12:47 ? 00:00:00 /usr/sbin/httpd2 -f /etc/apache2/httpd.conf -k start
arleen 3849 3839 0 12:59 pts/2 00:00:00 grep apach
arleen@ehl3:~>

The big problem I am having is that when I upload files the permissions are 600. I have to manually change them to 775 for Apache to serve the file. Otherwise there is an access forbidden - 403 error.

It’s not such a hardship to chmod in the FTP program, but I am trying to install WordPress, which gets installed in whatever sub directory of htdocs you choose. WP should run as long as it has the same owner as htdocs. But it is unable to create directories or files.

Seems like this is a Suse problem - or at least my installation since I am able to upload and install WordPress on other web servers not related to this one without any problems.

Thanks again.

hcvv · June 1, 2010, 9:56pm

In my systemm:

henk@boven:~> ls -dl /etc/apache2/
drwxr-xr-x 10 root root 4096 apr 26 21:27 /etc/apache2/
henk@boven:~>

Why is this different from yours? The statement “Apache is running as 755” has no connection to this and is nonsense on its own.

When you upload, where does it go? IMHO you should do less telling of stories and show more computer output. Like: "when i upload it comes out like:

ls -l <the uploaded file>

Then we see what the system did and not what you think that the system did.

ken_yap · June 2, 2010, 12:47am

You have some strange ideas there about how processes, ownership and permissions interact that it’s hard to know where to start to disabuse you of your misconceptions.

Simplest is to let the ftp program chmod to 644. The owner on the WP files is not relevant as long as the files are readable because Apache runs as wwwrun:www.