Best practice for webserver setup with no root user [duplicate]

Having installed the web server, is there a simple way to set a user able to use the graphical interface to copy files and directories to the local web server /var/www?

I gave myself administrative privileges in Ubuntu but it still doesn't allow copies.


Solution 1:

If you make /var/www writeable by its group and add the user to the group, that user will not have to use sudo. Try this:

sudo adduser <username> www-data
sudo chown -R www-data:www-data /var/www
sudo chmod -R g+rwX /var/www

The user should then be able to edit /var/www/ files without hassle.

The first line adds the user to the www-data group, the second line clears up any files with messed up ownership, and the third makes it so that all users who are members of the www-data group can read and write all files in /var/www.

If you are logged in as <username> you need to log out and log back in for the group membership to take effect.
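
A way to check the result of the three commands above, as an added example that is not part of the original answer: it lists entries under a directory that are not group-writable or that are world-writable, and the demo shows that the capital X in g+rwX gives execute permission to directories but not to plain files. The function names and the temporary sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a web root after `chmod -R g+rwX`.
# audit_docroot, demo_tree and the count_* helpers are illustrative names.

# Print one line per finding.
audit_docroot() {
    # Directories need group rwx so group members can enter them and create files.
    find "$1" -type d ! -perm -0070 -exec echo dir-not-group-rwx {} \;
    # Regular files need group rw so group members can edit them.
    find "$1" -type f ! -perm -0060 -exec echo file-not-group-rw {} \;
    # g+rwX never removes "other" write: any local account could still edit these.
    find "$1" \( -type f -o -type d \) -perm -0002 -exec echo world-writable {} \;
}

count_findings() { audit_docroot "$1" | wc -l | tr -d ' '; }

# Regular files carrying the group execute bit (capital X should add none here).
count_group_exec_files() { find "$1" -type f -perm -0010 | wc -l | tr -d ' '; }

# Constructed sample tree with deliberately restrictive modes; prints its path.
demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/site/img"
    echo '<h1>hi</h1>' > "$t/site/index.html"
    echo 'sample' > "$t/site/img/logo.txt"
    chmod 0700 "$t/site" "$t/site/img"
    chmod 0600 "$t/site/index.html" "$t/site/img/logo.txt"
    echo "$t/site"
}

site=$(demo_tree)
echo "before: $(count_findings "$site") findings"
chmod -R g+rwX "$site"
echo "after: $(count_findings "$site") findings," \
     "$(count_group_exec_files "$site") group-executable files"
rm -rf "${site%/site}"
```

Run against the real tree with `audit_docroot /var/www`; no output means every entry is group-writable and nothing is world-writable.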

Solution 2:

You can chown, that is change the owner of that folder. This will allow you to change the user and group of the folder, allowing your user to add/remove files on it. To do it, replace yourusername with your name and run:

sudo chown yourusername:users /var/www

And that's it.


However, I prefer to create a virtualhost in my home folder, it's much easier.

Basically it allows you to use any folder as an Apache serving folder. To show how simple it is, let's assume that your username is username and that the folder that you want to serve is /home/username/www

Create the following file (for instance mywebprojects) in /etc/apache2/sites-available, replacing the username and the folder path (basically just copy and paste and replace in #CHANGE HERE):

<VirtualHost *:80>
    ServerAdmin webmaster@localhost

    # CHANGE HERE
    DocumentRoot /home/username/www

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    # CHANGE HERE
    <Directory /home/username/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

Now let's create the www folder, add a simple hello world, disable the default website (/var/www), enable our website mywebprojects and restart Apache.

mkdir ~/www
echo "<html><h1>Hello World</h1></html>" > ~/www/test.html
sudo a2dissite default
sudo a2ensite mywebprojects
sudo service apache2 restart

And that's it, now you don't need to go to /var/www, you simply add files to your www (or other given name) and it's already there :).

Solution 3:

Method 1:

  • Press ALT+F2 and enter gksudo nautilus and then click Run.

  • It will open nautilus with root privileges.
  • Go to Filesystem > var > www and now you can add/copy/paste your files.

Method 2:

  • Install nautilus-gksu
  • After installing type nautilus -q in your terminal to refresh right click menus.
  • Now you will find 'Open as administrator' entry in your nautilus right-click menu.
  • When you need to open any files with root permission, you just have to right-click on that file/folder and select 'Open as Administrator'.
  • It will open that file/folder with root permission.


Solution 4:

It could be as simple as sudo usermod -a -G developers $username using ACL.

That takes a little work, though, to start. This is for Ubuntu 10.10 at least. First mount the file systems with the acl option in /etc/fstab.

sudo vim /etc/fstab

UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx / ext4 defaults,acl 0 1

sudo mount -o remount,acl /

Then make a group to which a user may belong for this purpose.

sudo groupadd developers
sudo usermod -a -G developers $username

The user needs to log out and in again to become a member of the developers group.

Of course, do not do this if you have content in the /var/www directory that you want, but just to illustrate setting it up to start:

sudo rm -rf /var/www
sudo mkdir -p /var/www/public
sudo chown -R root:developers /var/www/public
sudo chmod 0775 /var/www/public
sudo chmod g+s /var/www/public
sudo setfacl -d -m u::rwx,g::rwx,o::r-x /var/www/public

Then replace references to "/var/www" with "/var/www/public" in a config file and reload.

sudo vim /etc/apache2/sites-enabled/000-default
sudo /etc/init.d/apache2 reload

If we wanted to restrict delete and rename from all but the user who created the file:

sudo chmod +t /var/www/public

This way, if we want to create directories for frameworks that exist outside the Apache document root or maybe create server-writable directories, it's still easy.

Apache-writable logs directory:

sudo mkdir /var/www/logs
sudo chgrp www-data /var/www/logs
sudo chmod 0770 /var/www/logs

Apache-readable library directory:

sudo mkdir /var/www/lib
sudo chgrp www-data /var/www/lib
sudo chmod 0750 /var/www/lib
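
A check for the special bits this answer sets on /var/www/public, as an added example that is not part of the original answer: it reports whether setgid and sticky are present and shows, on a constructed temporary directory, that a subdirectory created afterwards inherits setgid but not sticky on Linux. The names dir_bits and make_shared are made up for illustration, and default ACLs are not checked here.

```shell
#!/bin/sh
# Added example: report the special bits on a shared directory.
# dir_bits and make_shared are illustrative names.

# Print which of setgid / sticky / world-writable are set on the directory itself.
dir_bits() {
    out=""
    # -prune stops find from descending, so only the directory itself is tested.
    [ -n "$(find "$1" -prune -perm -2000)" ] && out="$out setgid"
    [ -n "$(find "$1" -prune -perm -1000)" ] && out="$out sticky"
    [ -n "$(find "$1" -prune -perm -0002)" ] && out="$out world-writable"
    echo "${out# }"
}

# Constructed stand-in for /var/www/public, using the same chmod calls
# as the answer (no chown, so it runs without root); prints its path.
make_shared() {
    base=$(mktemp -d)
    mkdir "$base/public"
    chmod 0775 "$base/public"
    chmod g+s "$base/public"   # new entries take the directory's group
    chmod +t "$base/public"    # only a file's owner may delete or rename it
    echo "$base/public"
}

p=$(make_shared)
# A directory created later, as a group member would create it.
(umask 022; mkdir "$p/app")
echo "public:     $(dir_bits "$p")"
echo "public/app: $(dir_bits "$p/app")"
rm -rf "${p%/public}"
```

Because sticky is not inherited, subdirectories need their own `chmod +t` if the delete restriction should apply inside them as well.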