Best practice for webserver setup with no root user [duplicate]
Having installed the web server, is there a simple way to set a user able to use the graphic interface to copy files and directories to the local web server /var/www?
I gave myself administrative privileges in Ubuntu but it still doesn't allow copies.
Solution 1:
If you make /var/www writeable by its group and add the user to the group, that user will not have to use sudo. Try this:
sudo adduser <username> www-data
sudo chown -R www-data:www-data /var/www
sudo chmod -R g+rwX /var/www
The user should then be able to edit /var/www/ files without hassle.
The first line adds the user to the www-data group, the second line clears up any files with messed up ownership, and the third makes it so that all users who are members of the www-data group can read and write all files in /var/www.
If you are logged in as <username>, you need to log out and log back in for the group membership to take effect.
Solution 2:
You can chown, that is change the owner of that folder. This will allow you to change the user and group of the folder, allowing your user to add/remove files on it. To do it, replace yourusername with your name and run:
sudo chown yourusername:users /var/www
And that's it.
However, I prefer to create a virtualhost in my home folder, it's much easier.
Basically it allows you to use any folder as an Apache serving folder. To show how simple it is, let's assume that your username is username and that the folder that you want to serve is /home/username/www
Create the following file (for instance mywebprojects) in /etc/apache2/sites-available, replacing the username and the folder path (basically just copy and paste and replace in # CHANGE HERE):
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    # CHANGE HERE
    DocumentRoot /home/username/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    # CHANGE HERE
    <Directory /home/username/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /var/log/apache2/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog /var/log/apache2/access.log combined
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
</VirtualHost>
Now let's create the www folder, add a simple hello world, disable the default website (/var/www), enable our website mywebprojects and restart apache.
mkdir ~/www
echo "<html><h1>Hello World</h1></html>" > ~/www/test.html
sudo a2dissite default #
sudo a2ensite mywebprojects
sudo service apache2 restart
And that's it, now you don't need to go to /var/www, you simply add files to your www (or other given name) and it's already there :).
Solution 3:
Method 1:
- Press ALT+F2 and enter gksudo nautilus and then click Run.
- It will open nautilus with root privileges.
- Go to Filesystem → var → www and now you can add/copy/paste your files.
Method 2:
- Install nautilus-gksu
- After installing, type nautilus -q in your terminal to refresh right-click menus.
- Now you will find 'Open as administrator' entry in your nautilus right-click menu.
- When you need to open any files with root permission, you just have to right-click on that file/folder and select 'Open as Administrator'.
- It will open that file/folder with root permission.
Solution 4:
It could be as simple as sudo usermod -a -G developers $username using ACL.
That takes a little work, though, to start. This is for Ubuntu 10.10 at least. First mount the file systems with the acl option in /etc/fstab.
sudo vim /etc/fstab
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx / ext4 defaults,acl 0 1
sudo mount -o remount,acl /
Then make a group to which a user may belong for this purpose.
sudo groupadd developers
sudo usermod -a -G developers $username
The user needs to log out and in again to become a member of the developers group.
Of course, do not do this if you have content in the /var/www directory that you want, but just to illustrate setting it up to start:
sudo rm -rf /var/www
sudo mkdir -p /var/www/public
sudo chown -R root:developers /var/www/public
sudo chmod 0775 /var/www/public
sudo chmod g+s /var/www/public
sudo setfacl -d -m u::rwx,g::rwx,o::r-x /var/www/public
Then replace references to "/var/www" with "/var/www/public" in a config file and reload.
sudo vim /etc/apache2/sites-enabled/000-default
sudo /etc/init.d/apache2 reload
If we wanted to restrict delete and rename from all but the user who created the file:
sudo chmod +t /var/www/public
This way, if we want to create directories for frameworks that exist outside the Apache document root or maybe create server-writable directories, it's still easy.
Apache-writable logs directory:
sudo mkdir /var/www/logs
sudo chgrp www-data /var/www/logs
sudo chmod 0770 /var/www/logs
Apache-readable library directory:
sudo mkdir /var/www/lib
sudo chgrp www-data /var/www/lib
sudo chmod 0750 /var/www/lib
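
An added check for the layouts in Solution 1 and Solution 4 (not part of any answer): it reports world-writable entries, entries outside the shared group, directories missing the setgid bit, and files the web server account owns and can write, which is the state chown -R www-data:www-data produces. The function names, finding labels and sample tree are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the answers. Usage: audit_webroot DIR GROUP WEBUSER
#   DIR      web root to check, e.g. /var/www/public
#   GROUP    group meant to own the tree, e.g. developers
#   WEBUSER  account the web server runs as, e.g. www-data
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_webroot() {
    root=$1; group=$2; webuser=$3
    findings=$(
        # World-writable entries can be altered by every local account.
        find "$root" \( -type f -o -type d \) -perm -0002 |
            sed 's/^/WORLD_WRITABLE /'
        # Entries outside the shared group cannot be edited by its members.
        find "$root" ! -group "$group" | sed 's/^/WRONG_GROUP /'
        # Directories without setgid do not pass their group to new files.
        find "$root" -type d ! -perm -2000 | sed 's/^/NO_SETGID /'
        # Files the server account owns and can write can be rewritten by
        # any code the server runs.
        find "$root" -type f -user "$webuser" -perm -0200 |
            sed 's/^/SERVER_WRITABLE /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree: a setgid docroot with one sound file, one
# world-writable file and one subdirectory without the setgid bit.
make_sample_tree() {
    d=$(mktemp -d)
    chmod 2775 "$d"
    echo ok > "$d/index.html"; chmod 0664 "$d/index.html"
    echo up > "$d/upload.php"; chmod 0666 "$d/upload.php"
    mkdir "$d/img"; chmod 0775 "$d/img"
    chmod g-s "$d/img"   # new dirs inherit setgid on Linux; drop it here
    echo "$d"
}

# Demo on the constructed tree: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    audit_webroot "$tree" "$(id -gn)" "$(id -un)" || true
    rm -rf "$tree"
fi
```

On a real server the call would be, for example, audit_webroot /var/www/public developers www-data; an empty result with exit status 0 means none of the four conditions was found.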