How do I give addmin permission to PHP user/permission to write to filesystem on Ubuntu 14 server?

badwolfff
badwolfff used Ask the Experts™
on
Hi,

When joomla or wordpress try to write to the filesystem, which user do they use?
Is it possible to give that user admin permissions?

I did a test on my MAIN SERVER (ubuntu 14.04 x64 with php 5.5.9) and on page 3 of this application I got one error:
PHP cannot write to filesystem: http://www.mismatched.be/index.php?step=2

I also use two shared hosting servers, one in the US and on in Italy and the same test does not give that error:
http://www.associazioneculturaleinasia.it/check.php?step=2
and
http://just.bo/index.php?step=2

How is it that automatically on those servers when I use Joomla or Wordpress the CMS installation software can write to .htaccess, configuration.php and wp-config.php files and tmp, cache, logs folders without any problems and on my I get errors?

On my ubuntu MAIN SERVER server (with the php permissions problem) I manually upload joomla.zip or wordpress.zip and unzip them and then I use the following command to give the permissions:

for the directories
sudo find /site_installation_folder/ -type d -exec chmod 755 {} \;


for files only
sudo find /site_installation_folder/ -type f -exec chmod 644 {} \;


What am I doing wrong and how to enable the right permissions so that I don't have to set 777 chmod permissions on any folder?

thanks in advance
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Kent WSr. Network / Systems Admin
Commented:
Having permissions like 755 or 644 are meaningless by themselves.  We would need to know the user.group assigned to these files and folders also.
Generally, apache runs as user "apache".  PHP is an extension of your web server, and will use it's credentials.
So, to write a file, apache would need write permissions to that file.

You can see that the permissions 755 with the owner being root.root would be different than if the user.group were apache.apache.

If you change the owner.group to apache.apache, then your appropriate permissions for regular files would be 550 (440 really for static sites, but with php apps, you will run into non-execute permissions problems often).
For any files you need apache to write to, it would be 660.
Sysadmin
Commented:
php runs normally under the apache user.

ubuntu apache standard is the username www-data.  so give write access to this user should solve the problem.

you can do this on a folder with    chown -R www-data:www-data foldername

Author

Commented:
Hi mugojava thanks for your message.
Do I change the owner for a CMS folder using:

sudo chown -R apache:apche /path_to_folder/

thanks
Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Author

Commented:
ah thanks David will try right away :)
Kent WSr. Network / Systems Admin

Commented:
Yes, that how to change the user.group.  Then set your permissions the same way using chmod
(sudo chmod -R 550 /path_to_folder/)
And on the certain files that need apache to write -
(sudo chmod 660 /path_to_folder/file.ext)

Do you understand what each integer's place means in the chmod permissions?

Author

Commented:
works! thanks!

I changed the permissions on the entire folder and everything works.

By the way, when I use SCP now to connect, my user "lupocatttivo" cannot delete, rename etc. files that are owned by www-data. Is it possible to add my user "lupocatttivo" to the www-data group as well as the admin group (which it already is). Is this possible?

thanks again
Yes.
Kent WSr. Network / Systems Admin

Commented:
Yes, you can do that, or just use sudo.  Sudo is safer.

Every user also has a "group", so you can change owner to like apache.lupocatttivo, and give yourself either r+w (6) or rwx (7),  So for apache.lupocattivo, 570 would give apache read, your group "lupocatttivo" rwx, and all others nothing.

In the permissions, say 660, the first 6 is for "user", second 6 is for "group", and last 0 is "all others".

Apache will work correctly if it's got appropriate permissions as either user or group.  You don't have to have it as both user and group, that's just a common method.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial