Apache 2 Forbidden Access to mounted directory via sshfs - apache2

I have following problem:
I would like to give an access for my Apache to index.html which exists on my Virtual Machine created by Vagrant. Directory is mounted by SSHFS with -o allow_other option.
Used tools and versions are:
System: Linux Ubuntu 15.04
Apache: 2.4.12
Mount via SSHFS with -o allow_other
Mount process is correct because directory and file are visible in my system. I can open/modify/etc them.
But when I try to open this file via Apache then I receive
Forbidden
You don't have permission to access / on this server.
Apache/2.4.12 (Ubuntu) Server at xxx.yyy.com Port 443
Configuration for Apache:
<Directory /var/www/interscape-frontend>
Options FollowSymLinks
Order allow,deny
Allow from all
Require all granted
</Directory>
DocumentRoot /var/www/interscape-frontend
Is it possible? If yes then how? :)
Thanks in advance!

What are the permissions on the folder/files? Who owns them?
If you cd /var/www and ls -al what words come up? See an example below.
-rw-rw-r--+ 1 (owner) (group) 277 Mar 16 00:31 build.xml
The left-most stuff is owner / group / all permissions. Following that, the owner and group are indicated. If apache isn't the owner (www-data usually), a part of the group listed, or the file does not permit all to have rw or rwx, then you may encounter the problem you've described.
You can change the owner and group with the following commands, respectively:
sudo chown -R (user) /path/to/directory
sudo chown -R (user):(group) /path/to/directory
Where the -R flag indicates to do it recursively (to all sub-directories).
Also, as per the apache 2.4 upgrade guide you can remove the following from your *.conf:
Order allow,deny
Allow from all
As they only apply to apache 2.2 and under.

Related

Apache2 - WSGI file not found Issue

I run bash script file through python code. The script is located /home/myscript.sh. The script convert html to pdf and print. If I run the python program in development mode it works fine but if I run in WSGI production mode it give me error "File not found" to print. But if I give access 7777 to home directory it works fine. And I need to do this access step every time whenever machine restarted. Also it not good solution.
I search a lot and change apache2.conf file
<Directory /home/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
But still there is problem. Please help me. I used Apache 2.4.9 version. Advance thanks
Update
In /etc/apache2/apache2.conf file
"User ${APACHE_RUN_USER}" and "Group ${APACHE_RUN_GROUP}"
And in envvars it sets like
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
Still problem exist.
If issue is with directory
Example /home
Move the file from /home to /var/www
sudo chown www-data:www-data /var/www/filename
or
sudo chown www-data:www-data /var/www/filename
If the issue with USB port
Example
ttyUSB0
,
ttyACM0
,
ttyACM1
Write script to change the owner
#!/bin/bash
sudo chown www-data:www-data /dev/ttyACM0
Call this script from your code using subprocess.call
But allow the user www-data to run this file as sudo with out password
sudo visudo
and add the below line in the last
www-data ALL = (ALL) NOPASSWD : /var/www/filename
or
www-data ALL = (ALL) NOPASSWD : ALL

postgresql error connecting after moving data directory

EDIT-2
I found out that the database doesn't even start after making the file location change.
This is with the default file location:
$pg_isready
/var/run/postgresql:5432 - accepting connections
$pg_lsclusters
Ver Cluster Port Status Owner Data directory Log file
9.5 main 5432 online postgres /var/lib/postgresql/9.5/main /var/log/postgresql/postgresql-9.5-main.log
pg_lsclusters output is green.
After the file location has changed on postgresql.conf:
$pg_isready
/var/run/postgresql:5432 - no response
$pg_lsclusters
Ver Cluster Port Status Owner Data directory Log file
9.5 main 5432 down root /mnt/Data/postgresdb/postgresql/9.5/main /var/log/postgresql/postgresql-9.5-main.log
Here the output is red.
Following this post here, I tried to start the cluster manually:
$pg_ctlcluster 9.5 main start
Warning: the cluster will not be running as a systemd service. Consider using systemctl:
sudo systemctl start postgresql#9.5-main
Error: You must run this program as the cluster owner (root) or root
I tried the same command with sudo:
Error: Config owner (postgres:124) and data owner (root:0) do not match, and config owner is not root
Which again makes me think the problem might lie with permissions of the directory. The directory is owned by root whose ownership I am unable to change.
EDIT-1
I've been working on this and I'd like to distill this post further to give more specifics. This is my current situation:
I installed postgres: sudo apt-get install postgresql and postgresql-contrib
I used sudo -U postgres psql to get into the postgres shell (I'm not sure if this is what I need to do)
show data_directory returns: /var/lib/postgresql/9.5/main
The data directory is located in Ubuntu ext4 formatted hard drive. I also have a 1 TB NTFS formatted hard disk mounted on /mnt/Data (which is mounted automatically on boot). What I tried:
Stop the postgres service: sudo systemctl stop postgresql
Create a new directory /mnt/Data/postgresdb and copy contents of the previous main to this which gives me a full path of /mnt/Data/postgresdb/postgresql/9.5/main using: sudo rsync -av /var/lib/postgresql/ /mnt/Data/postgresdb/postgresql/
Edit /etc/postgresql/9.5/main/postgresql.conf to change data_directory from the path mentioned above to /mnt/Data/postgresdb/postgresql/9.5/main
Start the postgres service: sudo systemctl start postgresl
Run sudo -U postgres psql but get the error that was mentioned in the original post.
These are the permissions on the respective main directories:
ls -l /var/lib/postgresql/9.5/
total 4.0K drwx------ 19 postgres postgres 4.0K Jan 16 12:40 main
ls -l /mnt/Data/postgresdb/postgresql/9.5/
total 4.0K drwxrwxrwx 1 root root 4.0K Jan 16 12:13 main
From the looks of it, the default directory is owned by "postgres" and the new directory is owned by root. However, when I try to change ownership to postgres: chown -R postgres main, it doesn't output any error, but the ownership doesn't change. I'm curious whether this is because this drive is NTFS formatted and is mounted.
Here is my /etc/fstab:
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/sda5 during installation
UUID=3f5a9875-89a3-4ce5-b778-9d7aaf148ed6 / ext4 errors=remount-ro 0 1
# swap was on /dev/sda6 during installation
UUID=85c3f4d4-e450-435b-8dd6-cf1b2cbd8fc2 none swap sw 0 0
/dev/disk/by-label/Data /mnt/Data auto nosuid,nodev,nofail,x-gvfs-show 0 0
Any ideas on how I can go about fixing this?
ORIGINAL POST
Recently, I installed Postgresql for storing some data for my research. The dataset came with instructions on how to setup the data on a Postgresql database (if interested, more info on that here and here). I installed Postgresql and set up a "role" and used the script that was provided for loading the database. It worked but I underestimated the size of the dataset and the script quit saying there was no more space.
I have two drives on my computer a 250G SSD drive with Windows and Ubuntu installed (125G each). And a 1TB HDD NTFS formatted where I store my data. So I thought moving the database to a folder on the other drive would be helpful. I purged all the data and the database to start afresh and followed the instructions here to move the database directory. However, after moving the directory, when I try to connect using psql I get the following error:
~ psql -U username -d postgres 14:48:33
psql: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
How can I fix this? I am running 64-bit Ubuntu 16.04 with Postgresql-9.5. As mentioned earlier, I moved the DB directory a NTFS formatted filesystem (not sure if that cause any problems).
Thanks.
As mentioned in the comments the NTFS was the problem. I ended up resizing my bigger hard drive with 100GB formatted as ext4 and was able to launch postgres with the new data directory without any problems.

What are the right ownership & permissions to the CakePHP app/tmp folder for production?

I would like to know the answers and explanation to the following questions:
Which user/group should own the cake files?
If different, which user/group should own the app/tmp folder? (and subfolders)
With the right user/group, what are the correct permissions for production of both folders and files? (which also if set correctly should work on development)
Where is storing of uploaded files done and what ownership/permissions need to be set to that folder. Where should it be relative to app/?
I know 777 fixes errors, but I would like to set it up correctly.
I have heard 660 should be more than enough for production if everything is correctly set up.
Who needs to have read access, who needs to have write access and does anyone need execute?
NOTE: I think I have found the answers and since no one has written a good answer, I will write it.If you are more knowledgeable on the topic and see errors or security issues please let me know, I will correct them.
1) CakePHP ownership
The CakePHP files should be owned by you, the user of the machine (whatever you log in with). Do not have root as owner!
OSX: the johnsmith part of /Users/johnsmith
Linux: the johnsmith part of /home/johnsmith
2) app/tmp ownership.
As per CakePHP documentation:
...make sure the directory app/tmp and all its subdirectories in your
cake installation are writable by the web server user.
Option 1:
The user owner needs to be apache's user. The group owner can be the group that you belong to, so that you also have access to this folder through finder/CLI. Do not have root as owner!
OSX: Apache is preinstalled on OSX lately and the default user of apache is _www. However if you are not sure you can find it out by typing terminal ps aux | grep httpd while apache runs. The last line is the command you just typed, so look above it.
Now that you know your apache user, you have to assign it to app/tmp/. You do this with the following command: sudo chown -R _www app/tmp/
Linux: The default user on linux is usually www-data with group www-data. If you are not sure, use ps aux | grep httpd to find out the user and sudo chown -R _www app/tmp/ to assign ownership to apache of that folder.
Option 2:
You can keep yourself as the user owner, but you set up the group owner to be the a group that apache belongs to. By default apache has it's own group, but you could create a new group and add apache to it.
OSX: The group of apache on OSX by default is the same os the user: _www. You then have to run the following command to se up the ownership: sudo chown -R :_www app/tmp/. Now if you check the permissions with ls -l you should see both your username (johnsmith) and the new group owner - _www.
Linux:* By default the group of apache is www-data so use the same commands to change ownership: sudo chown -R :www-data app/tmp/.
NOTE: Debian/Ubuntu use www-data, while CentOS uses apache.
3) Permissions
For the site to run, apache needs read and write without execute. For you to access it (assuming you are in the group that owns app/tmp) you also need read and write if you will edit manually things with terminal/finder. All other users should have no rights whatsoever. So:
OSX&Linux: sudo chmod -R 660 app/tmp/. The -R part is to do it recursively for all inside folders. The first 6 is for the user owner (OSX:_www or Linux:www-data), the second 6 is for the group owner (OSX:staff or Linux: johnsmith), the 0 is for all other users/guests.
NOTE: According to this pull request for CakePHP it looks like CakePHP 2.4 will have ability to create subfolders in app/tmp/ which means it will need a 7 instead of 6 for the user now becoming 760.
4) Uploads folder
If you want to upload files, you need a similar setup for the img/uploads folder, or wherever you upload. The ownership will be the same, but the permissions need to have execute rights for renaming purposes and folder creation. so the previously 660 should now be 760. Also, ideally, the uploads are out of the webroot/ directory, for which an absolute path is required.
For all files in app/tmp and subfolders you only need rw for the web server process and if needed to use the CLI, the console user.
If someone runs console commands with a user that has super rights or is in the wrong group it messes up things because what one creates can't be read or written from the other and then there are warning or failure messages. Some people (including me when I'm too lazy) fix that with 777 :)

Is There Any Location Specific in Apache2

I'm using Apache2 running on Ubuntu-12.04 machine and I run my files through apache2 pointing to my folder in the local file system like
$ cd etc/apache2/
$ vi sites-enabled/000-default
And I change the location pointing to my folders in
DocumentRoot /home/user/foo/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/user/foo/>
What is the default location of Apache2 web root where if I would just copy my files the Apache server would pick it. For running hundreds of files through Apache2 each and every time I keep doing the above steps of changing the location manually. Is there any other best way of doing it.
It would be great if anyone could help me out.
If do an ls -l inside /etc/apache2/sites-enabled/ you'll see that 000-default is a symlink to /etc/apache2/sites-available/. The idea being that you create site definition files in sites-enabled, then symlink to them from sites-available... making it very simple to enable and disable sites as needed.
In fact, Ubuntu provides the a2ensite command to enable sites, and a2dissite to disable sites. This means all you have to do is create the vhost file in sites-available, then run a2ensite to enable it.
Take a look at https://help.ubuntu.com/12.04/serverguide/httpd.html for more details.

DatabaseError unable to open database file

My sqlite db file is this: unable to open database file i chowned all folders until my dbfile to root. but i am still getting this error. but i remember that while creating my django project on server, i created a superuser, and now if i do ls -l i see that the user is that superuser. how is it possible to tell apache that this superuser should have that right to write/read the db file? or how to solve the problem, i am not apache/linux guru..
Execute chown www-data:www-data directory on the directory you want apache to be able to write to.
You should be able to just leave the file as owned by the super user and just change the group so that apache can read/write it as well.
Change the group for the sqlite file and the containing directory. Try this:
cd <directory with sqlite file>
sudo chgrp www-data . <sqlitefile>
You can find write group and www user and change permissions.
Say: cat /etc/passwd - for find right user, It may be apache or http or www.
And say to terminal: cat /etc/group -for find right group.
In my system group=apache, user = apache.

Resources