+++
date = '2024-11-13T11:53:13+01:00'
draft = false
title = 'Permissions strike again'
tags = ['linux']
+++
Configuring Apache really isn't rocket science. There is a wealth of great tutorials online, the software is very well documented, and the defaults work more or less out of the box. But it's one of those jobs that I do just infrequently enough that I always forget things in the interim, and end up making the same old mistakes.
***And it almost always has to do with permissions.***
So, I'm writing this post both as a means of christening this devlog ([Hi! I'm Andrzej! Hire me!](https://demos.ajstepien.xyz)) and also as a reminder to myself that *the home folder is not executable by default.*
Please, Andrzej. Please. The next time you're building a website, be it for a client or for yourself, and you find yourself scratching your head, wondering what error you may have made in the `.confs`, checking the permissions of your symlink again and again, ask yourself: is my symlink pointing to a directory in the home folder? Because Apache can't open the home folder until you change the permissions!
## What?
In Linux we open directories by 'executing' them. On a directory, the execute bit is the permission to enter it and reach the files inside; nothing actually gets run. Now, by default, the home directory is only executable by its owner. This makes sense when you think about it -- you don't want your sister, or co-worker, or (more likely) whatever barely-audited application you're installing today, to be able to open that directory. But you probably *do* want your webserver to be able to open it, especially if you are symlinking to it from `/var/www` or wherever.
There are lots of reasons why you'd want to deploy to the home directory of an unprivileged user. I do this exact same thing with [Jenkins](https://jenkins.io), and I wasted an hour troubleshooting this exact same problem when I set up that server too.
So, Andrzej of the future (did anyone non-ghoulish win an election yet?), for future reference, let's say you're deploying to `/home/devlog/website`:
1. Add Apache to the 'devlog' user group.
```
sudo usermod -aG devlog www-data
```
2. Change the permissions on `/home/devlog` to allow group members to open it.
```
sudo chmod 710 /home/devlog
```
IT'S THAT EASY.
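
To find out which directory is actually stopping the web server, the following added example (not part of the original post) walks every directory on a path and lists the ones a given uid and group list cannot traverse. It reads only the classic owner/group/other mode bits, so ACLs and root's override are out of scope; the function name and its `tb_` variables are this example's own, and it assumes a `stat` that supports `-c` (GNU or BusyBox) plus `realpath`.

```sh
#!/bin/sh
# Added example (not from the original post): print every directory on the way
# to PATH that the given identity cannot traverse, root-most first.
# Usage: traverse_blockers PATH UID "GID GID ..."
#   traverse_blockers /home/devlog/website "$(id -u www-data)" "$(id -G www-data)"
# Assumption: only classic mode bits are checked; ACLs and root are ignored.
traverse_blockers() {
    tb_uid=$2
    tb_gids=" $3 "
    tb_dir=$(realpath "$1") || return 2   # resolve symlinks first
    [ -d "$tb_dir" ] || tb_dir=$(dirname "$tb_dir")
    tb_out=
    while :; do
        # %u = owner uid, %g = owning gid, %a = octal mode (710, 1777, ...)
        set -- $(stat -c '%u %g %a' "$tb_dir")
        # Exactly one permission class applies: owner, else group, else other.
        if [ "$1" = "$tb_uid" ]; then
            tb_bit=0100
        else
            case $tb_gids in
                *" $2 "*) tb_bit=0010 ;;
                *)        tb_bit=0001 ;;
            esac
        fi
        # Without the x (search) bit for that class, the walk stops here.
        [ $(( 0$3 & $tb_bit )) -ne 0 ] || tb_out="$tb_dir
$tb_out"
        [ "$tb_dir" = / ] && break
        tb_dir=$(dirname "$tb_dir")
    done
    printf '%s' "$tb_out"
}
```

`id -G www-data` reads the group database, so it reflects the `usermod` change immediately, while an Apache process that is already running keeps its old group list until it is restarted.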