7

OK, I'm almost completely new to Linux and Apache configuration.

My problem is that I've got Apache displaying the default page, but when I try to access it via SFTP, it tells me that write permission is denied when trying to write to /var/www/html.

I can log in to the server through FileZilla just fine. When I use the command ls -l /var | grep www (I think that's how you check permissions), it returns "drwxr-xr-x 6 root root 4096 Jul 15 7:18 www". I've been reading around and apparently www-data is supposed to be where root is, but I don't know.

I'm accessing through the ec2-user with the .pem file.

I think I'm supposed to add my user to the group in charge of the html folder, but it looks like it's root, so I'm just not sure what is wrong with that.

Any ideas on how I can get around this? Preferably securely.

EDIT

I can write to the /home/ec2-user directory with the same setup. So I'm guessing I just need to add ec2-user to a certain group? I don't have a group called www-data like some have suggested I should, and it sounds like giving ec2-user root privileges is ill-advised. Could be wrong on that.

Poodimizer

2 Answers

3

If you are using Ubuntu, the Apache user will be www-data, but if you are using CentOS, the webserver user will be apache, so you can grep to see whether the apache user exists or not:

grep apache /etc/passwd

If the apache user exists, you can use:

chown -R apache:apache /var/www/html
Uwe Keim
ZVIK
  • Alright, I got this to work using a combination of this and adding ec2-user to the apache group and making the files writable through the group. Does doing it this way open up an unnecessary security hole? – Poodimizer Aug 07 '12 at 08:09
  • This is not a good security practice; it's not advisable to add the apache user. Kindly go over the link http://serverfault.com/questions/389020/does-adding-an-user-to-the-apache-group-creates-a-security-hole There is no need to add ec2-user to apache; doing chown will fix the problem. You can remove a user from a group by using the gpasswd command. Also remove the permissions of the others group. – ZVIK Aug 07 '12 at 09:53
  • If I remove ec2-user from the apache group, I lose the ability to upload data when logging in as ec2-user. Am I supposed to log in as apache or should I change who owns the folder to ec2-user? Or am I missing the point entirely? If I understand that link correctly, it would be secure to make the folder owned by ec2-user and the group that runs it as root and make it only writable by ec2-user while everyone else has read access, right? – Poodimizer Aug 07 '12 at 15:54
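
An added example, not part of the original answers or comments: a POSIX shell audit for the layout discussed in the comments above, reporting web root entries that are world-writable, group-writable, or owned by the web server account. The function names and output labels are assumptions made for this example; apache and www-data are the account names mentioned in the answers.

```sh
#!/bin/sh
# Added example (not from the thread). The directory and account name passed
# in are the caller's assumptions about their own server.

# Print the first web server account that exists on this host, if any.
detect_web_user() {
    for u in apache www-data; do
        if id -u "$u" >/dev/null 2>&1; then
            printf '%s\n' "$u"
            return 0
        fi
    done
    return 1
}

# audit_webroot DIR [SERVER_USER]
# Prints one "KIND path" line per finding; returns 1 if anything was found.
audit_webroot() {
    root=$1
    server_user=${2:-$(detect_web_user || true)}
    report=$(
        # Writable by every local account on the machine.
        find "$root" ! -type l -perm -0002 -exec printf 'WORLD-WRITABLE %s\n' {} \;
        # Writable by the whole group: every member of that group can change it.
        find "$root" ! -type l -perm -0020 -exec printf 'GROUP-WRITABLE %s\n' {} \;
        # Owned by the server account: the web server process can rewrite it.
        # Skipped when the account does not exist on this distribution.
        if [ -n "$server_user" ] && id -u "$server_user" >/dev/null 2>&1; then
            find "$root" -user "$server_user" -exec printf 'SERVER-OWNED %s\n' {} \;
        fi
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Run it as `audit_webroot /var/www/html` after changing ownership or group membership; no output and exit status 0 mean none of the three conditions were found.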
1

Log in using PuTTY and run:

sudo chown -R www-data /var/www/html

This will change the directory owner to www-data. If this doesn't work, make sure this is the correct account. It doesn't sound correct.

jamieb
  • I used the command egrep -i "^www-data" /etc/group, which I guess is supposed to return some information if the group exists, and it doesn't look like it does. Was I supposed to create this group? I used the command you suggested and it said www-data was an invalid user. – Poodimizer Aug 07 '12 at 07:17