11
11
When I try to place my web files into /var/www in apache on my ec2 Ubuntu instance it is giving me an error stating that I don't have permission.
Permission denied.
Error code: 3
Error message from server: Permission denied
Request code: 3
How do I give myself permission to do this or what is the best way to copy files to /var/www with WinSCP?
andrew
Posted 2011-05-21T22:02:43.190
Reputation: 111
15
I was getting the same error in WinSCP. One solution is to change the ownership of the '/www/' folder using chown. That way, you can make the user you log in with into the owner instead of 'root' being owner. I am using an instance of Amazon Linux rather than Ubuntu, but this command worked for me:
sudo chown -R -v ec2-user /var/www/
The user 'ec2-user' is the user I log in with.
chrisfargen
Posted 2011-05-21T22:02:43.190
Reputation: 251
9
Enable write permissions for the user logging in thru WinSCP. There are two ways to do this.
The first way is to change the permissions on the folder to allow anyone to write to it. This isn't the best security.
chmod 777 /var/www
The second way is to add your user to the group owning the directory, and then setting permissions for the group to write to the directory.
Find out who owns the directory:
ls -l /var | grep www
You'll see something like: drwxr-x--- 9 www-data www-data 4096 Jul 14 2009 www The important thing to note are the two names root and root. In this case, the owner of the directory is www-data, and the group of the directory is www-data. So now you'll add your user to group www-data.
usermod -G www-data user
Now just add the write permission to the group.
chmod 770 /var/www
Now
ls -l /var | grep www
should return: drwxrwx--- 9 www-data www-data 4096 Jul 14 2009 www
With this you'll be able to write to the directory, while not opening up write privileges to everyone.
Chris Ting
Posted 2011-05-21T22:02:43.190
Reputation: 1 529
1slight correction for exactness -
sudo chmod 777 /var/www - sudo usermod -G www-data (username) - sudo chmod 770 /var/www -
It may work depending on who you are in your example, but 'sudo' should work no matter who you are (assuming your login is in /etc/sudoers for root/admin of course). – bshea – 2013-09-25T16:32:28.797
1
The following tutorial worked for me and provides helpful screenshots. Logging in as a regular user with sudo permissions simply required tweaking a few WinSCP options: http://cvlive.blogspot.de/2014/03/how-to-login-in-as-ssh-root-user-from.html
Set Session/File protocol to: SCP, enter host/instance ip, port - usually 22, and regular username. Enter password credentials if the login requires it. Add the user's corresponding Private key file in Advanced/SSH/Authentication.
Unchecking Advanced/SSH/Authentication/attempt "keyboard interactive" authentication should allow Advanced/Environment/SCP Shell/Shell/Shell: sudo su - to provide sudo permissions for accessing webserver directories as a non-owner user.
Update: 08/03/2017
WinSCP logging can be helpful to troubleshoot issues.
winscp.net/eng/docs/logging:
[WinSCP] Logging can be enabled from Logging page of Preferences dialog. Logging can also be enabled from command-line using /log and /xmllog parameters respectively, what is particularly useful with scripting. In .NET assembly, session logging is enabled using Session.SessionLogPath1).
Depending on WinSCP connection errors, some server installations may need a directive added to the (Ubunto, CentOS, other-Linux-Server) /etc/sudoers file to not require TTY for a specified user. Creating a file in /etc/sudoers.d/ (using a tool such as Amazon Command Line Interface or PuTTY) may be a better option than editing /etc/sudoers. Some /etc/sudoers versions recommend it:
This file MUST be edited with the 'visudo' command as root. Please consider adding local content in /etc/sudoers.d/ instead of directly modifying this file. See the man page for details on how to write a sudoers file.
When editing a sudoers file (as root) through the command-line, the 'visudo' command should be used to open the file as it will parse the file for syntax errors. /etc/sudoers.d/ files are typically owned by root and chmoded with minimal permissions. The default /etc/sudoers file may be referenced as it should automatically have recommended chmod permissions on installation. e.g.: 0440 r--r----- .
superuser.com/a/869145 :
visudo -f /etc/sudoers.d/somefilename
Defaults:username !requiretty
Helpful Links:
WinSCP Forum: - winscp.net/forum/viewtopic.php?t=3046 - winscp.net/forum/viewtopic.php?t=2109
WinSCP Doc: https://winscp.net/eng/docs/faq_su
With SCP protocol, you can specify following command as custom shell on the SCP/Shell page of Advanced Site Settings dialog:
sudo -s
[...]
Note that as WinSCP cannot implement terminal emulation, you need to have sudoers option requiretty turned off.
Instructions in Ubuntu Apache /etc/sudoers recommend adding directives to /etc/sudoers.d rather than editing /etc/sudoers directly. Depending on the installation, adding directive to /etc/sudoers.d/cloud-init may work as well.
It may be helpful to create an SSH test user with sudo permissions by following the steps provided in instance documentation to ensure that the user has recommended instance settings and any updates to server sudoer files can be effected and removed without affecting other users.
1keown
Posted 2011-05-21T22:02:43.190
Reputation: 11
1
on ec2 this works for me. login to box via putty with user "ec2-user" and use commands :
sudo root
chmod 777 <NAME_OF_FOLDER>
Note : this grants write access for all users.
Should now be able to write using WinScp.
blue-sky
Posted 2011-05-21T22:02:43.190
Reputation: 465
0
You need to give the user write permissions, remember the previous permissions using stat /var/www.
Then you can change them withsudo chmod 666 /var/www and change them back later when needed.
Consult man chmod and man sudo alongside other file permission manuals on the internet for more info...
Tamara Wijsman
Posted 2011-05-21T22:02:43.190
Reputation: 54 163
Your requests for help as part of an answer to someone else's question is likely to not get any responses or helpful feedback. To get that, you're probably better off asking your own question with the precise details you're needing. – killermist – 2013-03-28T02:33:53.827