+++
date = '2024-11-13T11:53:13+01:00'
draft = false
title = 'Permissions strike again'
tags = ['linux']
+++

Configuring Apache really isn't rocket science. There are a wealth of great tutorials online, the documentation is very well documented, and the defaults work more or less out of the box. But it's one of those jobs that I do just infrequently enough that I always forget things in the interim, and end up making the same old mistakes.

***And it almost always has to do with permissions.***

So, I'm writing this post both as a means of christening this devlog ([Hi! I'm Andrzej! Hire me!](https://demos.ajstepien.xyz)) and also as a reminder to myself that *the home folder is not executable by default.*

Please, Andrzej. Please. The next time you're building a website, be it for a client or for yourself, and you find yourself scratching your head, wondering what error you may have made in the `.confs`, checking the permissions of your symlink again and again, ask yourself: is my symlink pointing to a directory in the home folder? Because Apache can't open the home folder until you change the permissions!

## What?

In Linux we open directories by 'executing' them. A directory is an executable that maps part of the file-system for us. Now, by default, the home directory is only executable by its owner. This makes sense when you think about it -- you don't want your sister, or co-worker, or (more likely) whatever barely-audited application you're installing today, to be able to open that directory. But you probably *do* want your webserver to be able to open it, especially if you are symlinking to it from `/var/www` or wherever.

There are lots of reasons why you'd want to deploy to the home directory of an unprivileged user. I do this exact same thing with [Jenkins](https://jenkins.io), and I wasted an hour troubleshooting this exact same problem when I set up that server too.

So, Andrzej of the future (did anyone non-ghoulish win an election yet?), for future reference, let's say you're deploying to `/home/devlog/website`:

1. Add Apache to the 'devlog' user group.
```
sudo usermod -aG devlog www-data
```
2. Change the permissions on /home/devlog to allow group members to open it.
```
sudo chmod 710 /home/devlog
```

IT'S THAT EASY.