The whole idea of using symlinks to solve a permission issue is flawed and cannot work.

This works, but has its own headaches, as not every file system supports file access lists. There are multiple cases where I've had to do this as a sysadmin for some type of non-standard access without changing the owners of a given file.

That's a simple sudo chown www-data:www-data filename, and the access control lists should still let you have effective owner rights to the file. The only caveat: If you manually create new files, you need to chown them accordingly to give ownership to the webserver.

sudo find /var/www/html -type d -exec chmod g+rx {} \;

And now you've got access to all the directories, and you didn't have to take access away from www-data, which helps as the webserver can still create files everywhere as it needs to (such as PHP based frontends having their own cache directories and such needing to be created and written to for proper operation).

(1) Allow Apache access to the folders and the files.

This is in effect, four steps, after you copy your data back to /var/www/html:

1. Give Apache access to the folders and files, so it can serve the site without 403 errors.
2. Give your user 'owner' over the files and folders, and give yourself read/write on all of the files and folders, as well as the ability to traverse the directories.
3. (Optional but recommended) Set it up such that any files or folders created from here on in the entirety of the directory structure have the group set to be www-data.
4. (Optional) Final security cleanup, where we set up permissions so you and the web server can see the site data, but other users cannot access files or the directory structure for the site.

The symlink approach you are using doesn't help either for the same reason as trying to give Apache permissions to read /home/andre/

Then, you will only ever have to work out of /var/www/html for your site.
A poorly-configured or misconfigured or unpatched web server can cause massive data leakage this way, or loss of credentials and such which would put your personal data and logins on different things at risk. You would otherwise have to give the web server the ability to traverse through /home/ to see the directory structure, but also into /home/$USER/ (your user's home directory, where we can try and see what else exists in your user directory), as well as any other subfolders in there.

So the folder moodle in /home/andre/

You should never have to run a website from within your home directory.

drwxrwxr-x 41 andre andre 4096 Mai 4 10:02 moodle

The output of ls -la in /home/andre/www/ is:

ls -la
drwxrwxr-x 3 andre andre 4096 Mai 4 10:02 .

I tried the same with the moodle folder in /home/andre/www/moodle, but it stayed the same. Trying to change it, but it stayed with read, write, and execute permissions to all. I used the command:

sudo chmod -R 775 moodle/

So, my moodle folder has read, write, and execute permissions for everyone, and that's not what I want.

lrwxrwxrwx 1 root root 23 Mai 4 10:20 moodle -> /home/andre/www/moodle/

I'm trying to not give 777 permission in my /var/

I created it using:

sudo ln -sT /home/andre/www/moodle/ moodle
drwxr-xr-x 2 root root 4096 Mai 4 10:20 .