Re: Permissions

[Ethan Rosenberg <erosenberg@hygeiabiomedical.com>]

On 08/27/2013 03:31 PM, Steven Post wrote:
> On Tue, 2013-08-27 at 13:43 -0400, Ethan Rosenberg wrote:
> > Dear List -
> >
> > I apologize for this "needle in a haystack"  but...
> >
> > This was originally posted on the PHP list, but has changed into a
> > Debian question...
> >
> > Tried to run the program, that we have been discussing,{on the PHP list}
> > and received a 403 error.
> >
> > rosenberg:/var/www# ls -la StoreInventory.php
> > -rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php
> >
> > rosenberg:/var# ls -ld www
> > drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www
> >
> > I had set the S bit [probably a nasty mistake] and I thought I was able
> > to remove the bit. [it doesn't show above]
> >
> > I made the following stupid mistakes...
> > note commands from the root prompt have a su appended
> >
> >     467  chown -R ethan:www-data www 	su
> >     469  chown -R ethan:www-data www 	su
> >     470  chmod -R g+s www 	su
> >     471  chgrp -R  www 		su
> >     477  chgrp -R ethan www 	su	
> >     480  chmod -R 766 www 	su
> >     482  chmod g-S www 	su
> >     485  chmod -S www 		su
> >     486  chmod g S www 	su
> >     487  chmod gS www 		su
> >     488  chmod S www 		su
> >     489  chmod 776 www 	su
> >     492  chmod 776 -R www 	su
> >     494  chmod -s -R www 	su
> >     504  chmod 666 StoreInventory.php
> >     512  chmod 3775 StoreInventory.php
> >
> > I now have....
> >
> > ethan@rosenberg:/var/www$ ls -la StoreInventory.php
> > -rwxrwsr-t 1 ethan ethan 4232 Aug 27 00:18 StoreInventory.php
> >
> > ethan@rosenberg:/var$ ls -ld www
> > drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www
> >
> > and still have the 403 error.
> >
> > How do I extricate myself from the hole into which I have planted myself?
>
> The problem appears to be that Apache does not have access to the file.
> Looking at the permissions of the file it should work, however, apache
> is not able to go into your /var/www folder. Either you need to set
> www-data as the owner of the directory, or as the group owner, or,
> possibility number 3, give execute rights to 'others' on that folder.
>
> Pick one (you might need to be root for the first 2 in your situation):
> 1) chown www-data /var/www
> 2) chgrp www-data /var/www
> 3) chmod -R o+X /var/www
>
> Note the capital 'X' on option 3, this gives execute permissions on
> folders only, not files, as the -R means all files and subdirectories as
> well.
>
> The 't' is known as the sticky bit if I recall correctly, set with 1 on
> the first number in a 4 number chmod command, for details see [1].
> I guess in your case you can use 0664 for the files and 0775 for
> directories (or 0640 and 0750 if you set owner or group back to
> www-data)
>
> Best regards,
> Steven
you wrote about a 403 error, so I assume you invoke the script by
calling a webserver via browser.
In that case the webserver needs the permission to access /var/www and
to read StoreInventory.php.

By default the webserver runs as user/group www-data (it can be changed
in the webservers config-file(s)).

Try this:

#chown -R ethan:www-data /var/www
#chmod 775 /var/www
#chmod 640 /var/www/StoreInventory.php

Your ls should return something like this:

$ls -hal /var/www
drwxr-x--- 1 ethan www-data 4.0K Jun 3 20:35 .
-rw-r----- 1 ethan www-data 623 Jun 3 20:35 StoreInventory.php


If that does not work you might check the configuration- and log-files
of your webserver.

Dear List -

I had to go to a meeting but before I left I tried one last thing -

 chmod 000 www
 chmod 0777 www
rosenberg:/var# ls -ld www
drwxrwxrwx 37 ethan ethan 20480 Aug 27 17:30 www

 chown ethan StoreInventory.php
 chgrp ethan StoreInventory.php
 chmod 000 StoreInventory.php
 chmod 777 StoreInventory.php
ethan@rosenberg:/var/www$ ls -la StoreInventory.php
-rwxrwxrwx 1 ethan ethan 4232 Aug 27 17:25 StoreInventory.php

when I returned...

IT WORKS!!!

Thanks to all.

Ethan