-1

I have a dedicated server but only root can access my hosting directory. All other users get permission denied when I try to access the directory with another user.

I have created a new user, added the user to the apache group (as the directory is owned by apache)

# usermod -a -G apache newuser

Also tried

# usermod -g apache newuser

Yes, I have relogged in and restarted SSHD

I have set permissions to 775 but not recursively as I am running Magento.

drwxrwxr-x+ 8 apache apache      4096 Apr  7 21:52 website

I also tried to use Access Control Lists, like below

setfacl -m u:user:rw /var/www/html/website

# file: website
# owner: apache
# group: apache
user::rwx
user:user:rw-
user:userb:rw-
group::r-x
mask::rwx
other::r-x
DaleZA

2 Answers

2

In case someone has a similar problem, this is what I did. I hope it's the correct approach but I am not sure.

The + in the permissions

drwxrwxr-x+ 

indicates that there is an access control list in effect on the directory.

I changed the permissions recursively for ACL as per below as well as included execution permission for the user.

setfacl -Rm u:user:rwx /var/www/html/website
DaleZA
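Added example (not part of the original answer): the getfacl listing in the question grants user and userb rw- on a directory, but entering a directory needs the x (search) bit, which is what the recursive rwx ACL above supplies. The sketch below parses getfacl text, applies the mask, and lists named users with no effective x; the helper name no_search_users is made up for this illustration.

```sh
#!/bin/sh
# Added example: list named-user ACL entries that cannot enter a directory.
# Reading or traversing a directory needs the x (search) bit; rw- is not enough.

# getfacl output copied from the question above.
ACL_FROM_QUESTION='# file: website
# owner: apache
# group: apache
user::rwx
user:user:rw-
user:userb:rw-
group::r-x
mask::rwx
other::r-x'

# no_search_users (hypothetical helper name): reads getfacl text on stdin and
# prints "name effective-perms" for each named user without effective x.
no_search_users() {
    awk -F: '
        { p = substr($3, 1, 3) }            # rwx triplet, drops any "#effective:" suffix
        $1 == "mask"             { mask = p }
        $1 == "user" && $2 != "" { perms[$2] = p; order[++n] = $2 }
        END {
            if (mask == "") mask = "rwx"    # no mask entry: nothing is filtered
            for (i = 1; i <= n; i++) {
                u = order[i]; eff = ""
                # The mask caps what named users and groups actually get.
                for (c = 1; c <= 3; c++)
                    eff = eff (substr(mask, c, 1) == "-" ? "-" : substr(perms[u], c, 1))
                if (substr(eff, 3, 1) != "x") print u, eff
            }
        }'
}

printf '%s\n' "$ACL_FROM_QUESTION" | no_search_users
```

On a live system the same check can be fed from getfacl directly, for example getfacl /var/www/html/website | no_search_users.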
-1

Enter top

Then watch the httpd process. On the very left in the USER column it should say something like 'nobody' or 'www-userdata' or similar. Remember it.

Then change to your home directory e.g. /home/myuser/public_html.

Run

cd /home/myuser/

Run

chown -R nobody:nobody public_html (replace nobody:nobody if different user runs apache process)

Depending on your PHP handler (suPHP) you may have to:

Run chown user:nobody public_html on the directory, where user is the name of user the directory belongs to.

Just to be sure, verify that files are chmodded 644 and directories 750/750. The public_html should be 750, not 775

If you issue 775 on anything you are exposing yourself and give read and execution permissions to outsiders who will exploit your server. They may not be able to write files but if they use a buffer-overflow exploit and gain access they don't have to and can execute files on your server.

mashup
  • Ran the following find: find . -type f -exec chmod 644 {} \; find . -type d -exec chmod 755 {} \; Instead of top I did ps aux | egrep '(apache|httpd)' and it shows user as apach. Is this correct? – DaleZA Apr 14 '15 at 20:23