I had a problem with the PHP fwrite function not writing anything and I figured it was because of rights.
One apache process is run by root and several others by www-data:
$ ps -aux |grep apache
root 21239 0.0 0.3 222104 26524 ? Ss 02:31 0:00 /usr/sbin/apache2 -k start
www-data 21240 0.0 0.1 222316 13736 ? S 02:31 0:00 /usr/sbin/apache2 -k start
…
The web root directory was owned by root:root with no write rights for the group owner (755):
/var/www# ls -l
drwxr-xr-x 9 root root 4096 Feb 29 02:11 html
So I changed the group owner of the root directory to www-data and granted write rights:
/var/www# chown root:www-data html
/var/www# chmod 775 html
/var/www# ls -l
drwxrwxr-x 9 root www-data 4096 Feb 29 02:11 html
Now it worked. My question is if this is a proper and – most important – secure setup.
Advertisement
Answer
This is because Apache runs as www-data
in Ubuntu. But, if you would download the source code and compile it, it will run as the user daemon
. The folders that Apache uses should be owned by the user Apache runs as.
So, if you would need to change the Apache’s default user and group change/add the line:
User <your-username> # (Without angle-bracket) Group <your-group> # (Without angle-bracket), this setting is usually the same as the user
You cannot write using PHP beacause you are using the php module in apache. If you would use PHP-FPM, then you would have to change the default user and group in PHP-FPM’s www.conf file. You are not using PHP-FPM by the info you have given, hence, when you change Apache’s user and Group, it is also applied to PHP, as PHP is running in Apache. If you have a lot of visitors, and your website needs to be faster, then, enable PHP-FPM by doing the following:
1) Unload the mod_php(version-number) by running:
sudo a2dismod php(version-number)
(Optional Step) 2) You might need to use mpm_event and unload mpm_prefork. You might see a weird message saying conflict and stuff, but ignore it. You can do it by running:
sudo a2dismod prefork && sudo a2enmod event
3) Install PHP-FPM:
sudo apt install php(version-number)-fpm && sudo service php(version-number)-fpm start
4) Enable proxy_fcgi module in Apache:
sudo a2enmod proxy_fcgi
5) Add the following to apache2.conf file:
<FilesMatch ".ph(p[2-6]?|tml)$"> SetHandler "proxy:fcgi://localhost:9000" </FilesMatch>
6) Run:
sudo service apache2 restart
And you’re done!