Php – Apache LAMP permisson issues on Ubuntu server

apache-2.2permissionsPHPubuntu-10.04

I have been trawling the internet for a few days now and think I've tried almost everything to get some virtual hosts set up on my Ubuntu server but everything short of chmod 777 on the webroot fails.

I have my default Apache conf pointing at /home/server/public_html with the the settings show below

<VirtualHost *:80>
    ServerAdmin webmaster@localhost

    DocumentRoot /home/server/public_html/
    <Directory />
            Options FollowSymLinks
            AllowOverride All
    </Directory>
    <Directory /home/server/public_html/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from all
</Directory>

</VirtualHost>

I have then created a virtual host for a project I'm working on say for example project.name.co.uk.conf and inside there I have the following

<VirtualHost *:80>
    ServerName http://www.local.dirty-briefs.co.uk
    ServerAlias local.project-name.co.uk
    DocumentRoot /home/server/public_html/project-name/
    DirectoryIndex index.php index.html
</VirtualHost>

I then ran sudo a2ensite project.name.co.uk.conf.
I'm working on a windows 7 machine using samba to access the files on the server. I added the project.name.co.uk to my windows hosts file however not matter what I do I get 403 permission errors.

edit

Thought id add the tail of the Apache error log in case it was useful

*==> /var/log/apache2/error.log <==
[Sat Jun 11 13:22:23 2011] [error] [client 192.168.0.3] PHP Warning:          require(/home/server/public_html/dirty-briefs/site/protected/config/main.php): failed to open stream: Permission denied in /home/server/public_html/dirty-briefs/framework/base/CApplication.php on line 120
[Sat Jun 11 13:22:23 2011] [error] [client 192.168.0.3] PHP Fatal error:  require(): Failed opening required '/home/server/public_html/dirty-briefs/site/protected/config/main.php' (include_path='.:/usr/share/php:/usr/share/pear') in /home/server/public_html/dirty-briefs/framework/base/CApplication.php on line 120*

It may also be worth mentioning I'm working with Yii the PHP framework I have a .htaccess file that lives in my site folder with the following inside

    # Disable directory browsing
    Options All -Indexes

    # File types
    AddType application/x-font-woff .eot .ttf       # Font-Face


    # URL Rewriting
    <IfModule mod_rewrite.c>
    RewriteEngine On

    # Site Maintenance
    # RewriteCond %{REMOTE_ADDR} !^10\.0\.2\.2
    # RewriteCond %{REQUEST_FILENAME} !-f
    # RewriteRule ^(.*)$ /maintenance.html [L]

            
    # LOCAL 
    RewriteCond %{SERVER_NAME} ^local.project-name.co.uk
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^(.*)$ /index-local.php/$1
    # -----

    # PRODUCTION
    RewriteCond %{HTTP_HOST} ^project-name.co.uk
    RewriteRule ^(.*)$ http://www.project-name.co.uk/$1 [R=301,L]

    RewriteCond %{SERVER_NAME} ^www.project-name.co.uk
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^(.*)$ /folder/index.php/$1
    # -----
    </IfModule>

I tailed the Apache error and access logs and found I was getting perm errors on importing files inside my PHP script due to permission errors.

I have read about checking what user and group Apache is running under, which are www-data www-data so I'm guessing Apache basically doesn't have perms to access the files under /home/server/public_html unless I give the folder 777 perms which I don't want so I'm just wondering if anyone can spot what I'm doing wrong or advise on anything I can try to get this working

Best Answer

This folder layout is a litle confusing. Your default vhost directive specifes /home/server/public_html/ as the DocumentRoot, but then you specify a subfolder of it as the root of your application. This isn't an optimal configuration. Try moving the site out of public_html into its own folder (/home/server/project or somesuch) and setting the DocumentRoot accordingly.

Once it's moved, you don't need 777 permissions to make it accessible, though it does need to be readable by www-data. Try:

chmod -R 644 /home/server/project   
find /home/server/project -type d -exec chmod 755 {} \+

This will make everything world-readable and all the folders traversable (setting the execute bit on folders does this).

One other thing: ServerName doesn't use the http:// prefix. You should remove that from the configuration and leave just the domain name.

Restart your apache after this changes and you should be able to reach the site with your given host name.

Related Topic