Centos – Adding the apache user to the default group doesn’t give apache group access

apache-2.2centosgroupspermissions

The whole Linux user:group topic just gives me headaches again.

Situation

I have my document roots (httpdocs) and everything inside chown-ed to a certain user and a certain group, let's say myuser:mygroup.

chown -R myuser:mygroup httpdocs

Now apache doesn't have access to let's say a public images folder. So I add apache to mygroup, for example with:

usermod -a -G mygroup apache

Question

Any file or folder which I chmod to 775 should now give apache write permission, not?
Doesn't happen… do I have to reload, restart or else reinitiate something for this to happen or do I still just not get the whole thing.

Best Answer

Did you restart apache after making the change? The groups will only be enumerated for the apache account when apache server is restarted.

Related Solutions

Finding out what user Apache is running as

ps aux | egrep '(apache|httpd)' typically will show what apache is running as.

Usually you do not need to change the default user, "nobody" or "apache" are typically fine users. As long as its not "root" ;)

edit: more accurate command for catching apache binaries too

Password protect vhost virtual document root

I think it is safe to say the %1 and %2 expansions only happen within the few mod_vhost_alias directives that support such magic.

This may be an example where the slightly less secure Location directive can be used to contain the authentication directives i.e.

<Location />
   AuthType Basic
   AuthName "HALMA"
   AuthUserFile /usr/local/apache/passwd/passwords
   Require valid-user
</Location>

Alternatively, a Directory directive may also contain regular expressions, allowing something like:

<Directory ~ "^/home/.*/htdocs/.*/">

</Directory>

Which you can improve by adding a regular expression that matches your username naming conventions e.g. "^/home/([a-z_][a-z0-9_]{0,30})/htdocs/.*/"