My apache server is currently running under user "www-data". However, this user doesn't have the permissions to access /home/username/www. What is the best way to give Apache the right permissions so that it can access all /home/*/www directories? Is there any way to set a different user for Apache depending on which document root it is serving?
The typical way to do it is to change the group of those directories to www-data and allow executable access to the group:
chgrp www-data /home/*
chmod g+x /home/*
chgrp -R www-data /home/*/www
chmod -R g+x /home/*/www
This assumes that www-data is a pre-existing group (it usually is). If not, replace www-data above with web and do the following first:
groupadd web
usermod -aG web www-data
Personally I'd do it with an ACL, but I don't know if setfacl is an option on Ubuntu:
setfacl -m user:www-data:r-x /home/*
setfacl -R -m user:www-data:rwx /home/*/www
setfacl -d -R -m user:www-data:rwx /home/*/www
You have a couple options here...
First, you could use groups for this. Create a group for this purpose (or use a pre-existing group). Add the apache user to that group. Set the group owner of those directories to the group you previously created. Allow group read access and execute on directories.
Second, you can set up suexec with apache. Using this, apache processes for each specific vhost would get started with that "user's" account, thereby allowing that process to access the appropriate directories.
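A least-privilege variant of the group approach described in the answers above, as an added example that is not part of any original post: the home directory gets traverse-only access, the www tree gets group read without write, and files are not made executable. The helper name `grant_web_access` and its two arguments are hypothetical; it assumes GNU find/chmod and static content (nothing that needs the group to write or execute).

```shell
#!/bin/sh
# Added example, not from the original answers. Assumes GNU find/chmod.
# grant_web_access BASE GROUP   (hypothetical helper)
#   BASE  - parent of the home directories, e.g. /home
#   GROUP - group the Apache user is a member of, e.g. www-data
grant_web_access() {
    base=$1
    group=$2
    for www in "$base"/*/www; do
        # Skip unmatched globs and symlinked www directories.
        if [ ! -d "$www" ] || [ -L "$www" ]; then
            continue
        fi
        home=${www%/www}

        # Home directory: traverse only. The group can reach www but
        # cannot list or write anything else in the home directory.
        chgrp "$group" "$home"
        chmod g+x,g-rw "$home"

        # Directories: read + traverse, no write. setgid makes new
        # entries inherit GROUP instead of the creator's primary group.
        find "$www" -type d -exec chgrp "$group" {} + \
            -exec chmod g+rx,g-w,g+s {} +

        # Regular files: read only. Execute bits are left as they were,
        # so data files do not become executable. find does not follow
        # symlinks, so targets outside www are never touched.
        find "$www" -type f -exec chgrp "$group" {} + \
            -exec chmod g+r,g-w {} +
    done
    return 0
}

# Run only when called with arguments: sh grant.sh /home www-data
if [ "$#" -eq 2 ]; then
    grant_web_access "$1" "$2"
fi
```

Removing group write matters when files were already group-writable before the `chgrp`: changing their group to the web server's group would otherwise hand the server write access to the content it serves.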
Here is how I did it: