Linux – AWSTATS – manual update error (permissions)

apache-2.2awstatslinux

Error: Couldn't open file "/var/www/awstats/awstats032014.site.net.tmp.9198" for write: Permission denied 

Setup ('/etc/awstats/awstats.site.net.conf' file, web server or permissions) may be wrong.
Check config file, permissions and AWStats documentation (in 'docs' directory).

I get this error when manual trying to update awstats (via the browser link). I have set the folder permissions of /var/www/awstats/ to 775 and still get the error.

If I create a new file on that folder the default permission setting set the permissions to 774 which should work.

Best Answer

The permissions drwxrwxr-x root root mean that only the root user and members of the root group can write to that directory. Creating or deleting files within a directory is considered to be writing to that directory so the permissions checks are done against the containing directory when you try to create the file /var/www/awstats/awstats032014.site.net.tmp.9198.

The other half of this problem is that it is Apache that is doing the creating of files. Apache usually runs as the www-data user on Debian based systems and as httpd on RedHat based systems. These users are not in the root group and so cannot write to that directory.

The principle of least privilege suggests that we should make a change that allows just what we want and no more. So I think changing the directory owner to the Apache user would do the job.

chown www-data /var/www/awstats

You can also change the mode back to 755 from 775 if you want and it will still work.

Instead of changing the ownership, you could change the group of the directory, or add the www-data user to the root group, or change the mode of the directory to 777. The latter two allow much more than just what we're trying to do here and hence should be considered dangerous.

Related Solutions

Linux – How to Set Up Permissions for the WWW Folder

After more research it seems like another (possibly better way) to answer this would be to setup the www folder like so.

sudo usermod -a -G developer user1 (add each user to developer group)
sudo chgrp -R developer /var/www/site.com/ so that developers can work in there
sudo chmod -R 2774 /var/www/site.com/ so that only developers can create/edit files (other/world can read)
sudo chgrp -R www-data /var/www/site.com/uploads so that www-data (apache/nginx) can create uploads.

Since git runs as whatever user is calling it, then as long as the user is in the "developer" group they should be able to create folders, edit PHP files, and manage the git repository.

Note: In step (3): '2' in 2774 means to 'set Group ID' for the directory. This causes new files and sub directories created within it to inherit the group ID of the parent directory (instead of the primary group of the user) Reference: http://en.wikipedia.org/wiki/Setuid#setuid_and_setgid_on_directories

Php – Access Denied for PHP Files Only

<Directory /srv/www/hostname/public>
    Order allow,deny
    Allow from all
</Directory>

That doesn't include /srv/www/hostname/fcgid-bin/; assuming there's no Allow applying to it elsewhere in your config, this is the problem. You'll need to Allow access to this location.

Best Answer

Related Solutions

Linux – How to Set Up Permissions for the WWW Folder

Php – Access Denied for PHP Files Only

Related Topic