Home / ubuntu / Questions / 1003282
Accepted
Skrypt
Asked: 2018-02-06 07:33:36 +0800 CST

Apache - Allow access to user home directories

  • 772

I've been stuck with this problem for a week now, browsing through various websites, I just can't seem to make this work.

I have Apache2 installed and a Wordpress website, located in a user's folder at /home/<user>/www.

Now the website works and all, but installing plugins from the webinterface (and anything else that requires write access - changing settings, uploading media, etc.) won't work, as wordpress (more like apache) doesn't have write access to those files.

the /home/<user>/www directory and everything beneath belongs to the user and the group <user>.

I've already tried multiple solutions, but none of them worked, including:

  1. Changing the owner of /home<user>/www to www-data:www-data. Alright - honestly, I didn't try this solution, as I don't want it. If you do this for all the users on the server, they will gain access to all folders, but they should only be able to access their home folder, not the others.

  2. Adding www-data to the user's group. I thought this might work, but apparently it doesn't. The www-data user is indeed in the user's group (checked with the id command), but it still doesn't seem to work.

  3. Setting an ACL on the user's home directory. Did that too and gave www-data rwx access to the home directory, and yet it still didn't help.

In case you're interested, the /home/<user>/ directory and all files/directories beneath have the 775 permission.

permissions apache2 users wordpress

1 Answers

  1. Best Answer

    Alright, so after continuing to struggle with it, I finally came across a solution that works for me.

    Here is what I did: Let's say I had created a new user called dummy with his home folder located at /home/dummy and a folder dedicated for his web-presentation located at /home/dummy/www.

    1. Use sudo chgrp -R www-data /home/dummy/www to change the group of the www directory and all it's content to www-data (Apache's default user for web access.).
    2. Use sudo chmod -R g+wrxs /home/dummy/www to give the group www-data write,read and execute permission to the specified directory and it's content. The important thing here is the s part. This ensures that the group (www-data) takes over ownership over any file created inside the directory with the s parameter.

    No need to add the user dummy to any groups at all.

    Hope this helps if anyone encounters the same problem as me in the future.

    EDIT: After some additional testing, this alone seems not to be enough. Apart from the two steps mentioned above, you also need to explicitly tell wordpress how to work with files by adding define('FS_METHOD', 'direct'); to the wordpress configuration file.

    Also, for a more strict permission set-up, please see Step 5 in DigitalOcean's How To Install WordPress with LAMP on Ubuntu guide.

    • 3