How to Give Apache Permission to Write to Home Directory

How to give apache permission to write to home directory?

As your file resides in your home directory, I would suggest one of the following approaches.

  1. Give 0777 permission to the file itself.

    chmod 0777 /home/djameson/test.txt

  2. Change ownership to apache user www-data and give owner-write permission.

    sudo chown www-data:www-data /home/djameson/test.txt
    sudo chmod 0744 /home/djameson/test.txt

  3. Add your user to the www-data group or, vice versa, add the www-data user to your group, and then give group write permission.

    sudo usermod -a -G www-data djameson
    chmod 0764 /home/djameson/test.txt

NOTE: I am assuming the apache user name and group name are www-data and www-data respectively. You must change these to match your server's apache username/group name.

I cannot grant apache permissions to write to a file, what am I doing wrong?

Dude,

This is a clear case where the parent directory of the file /home/chilinut/logs/apachelog/log.log doesn't have permission for the user apache.

You have to give write and read permission to the user apache for the parent directories also. Try the following in your case:

chown chilinut:apache /home/chilinut/
chown -R chilinut:apache /home/chilinut/*
chmod g+rw /home/chilinut/
chmod -R g+rw /home/chilinut/*

Now switch to the apache user and try to execute it. It will be fine. I have tried with a sample script and it does the same as your script.

# cat test.sh
echo | exec whoami ;
echo test >> /home/testleo/public_html/apachelogs/log.log;

Worked fine from my end.

Giving PHP write permission in Apache

You need to check if the user under which apache runs has permission to write into the directory.

So it's like this:

Your apache server is a process. The process runs under some user (say www). PHP runs under apache. So if you try to write into a directory in PHP, it is the same as if the user www logs into the server and tries to create a file in the same directory. So check who is the owner of that directory and which permissions it has. You can do it e.g. via the ls -la command. If www is the owner of that directory, you will be 100% safe ...

How to properly give apache access to a website user's /home/websiteuser/html directory?

We've solved this by making a "websites" group and adding the apache user (www-data) to this group like this (must be done as root - switch to root with $ su root or use sudo in front of the commands like this $ sudo useradd username):

  • Add a new group - this will be the name of the group used for all websites:

$ addgroup websites

  • List groups to check it was created

$ getent group websites

  • Add the apache user to the websites-group so apache has access to run the websites

$ usermod -a -G websites www-data

  • Check www-data is part of the websites-group:

$ grep '^websites' /etc/group

  • Add a new website user (this will be the user used to run the website)

$ useradd username

  • Give the user a password

$ passwd username

  • Follow the prompts to add a password
  • Add website user to websites group

$ usermod -a -G websites username

  • Create a new directory for the user to serve websites from:

$ mkdir /home/username

  • The owner of the website directory must be root or sftp will fail
  • Make root the owner and group of website user’s home directory:

$ chown root:websites /home/username

  • Give website user limited access to their home directory:

$ chmod 750 /home/username

  • Move into the website user’s directory:

$ cd /home/username

  • Make a web root directory (this is the public directory where the website's files will live):

$ mkdir html

  • Give website user owner:group on web root:

$ chown username:websites html

  • Change permissions on the html directory:

$ chmod 750 html

  • Copy all the website's files into the html directory
  • Recursively set ownership on all files within the web-root

$ chown -R username:websites html

  • Recursively set permissions on all files within the web-root (owner and group have read, write, execute permissions):

$ chmod -R 770 html

  • Recursively set permissions on all files within web-root:

$ find . ! -type d -exec chmod 644 {} +

  • If having issues, make sure directory permissions are set like this (the top-level website directory /home/username/ must be owned by root or sFTP access won't work):

/home/username | drwxr-x--- | root:websites

/home/username/html | drwxr-x--- | username:websites

/home/username/html/directories/ | drwxrwx--- | username:websites

/home/username/html/files.html | -rw-r--r-- | username:websites

We're designers so this is the way we worked it out, if anyone can see improvements, feel free to edit!

Set Apache to allow access for a directory not under document root

It turns out that permission on all parent directories matters, too. One of the parent directories is copied from Windows and does not have the required permission by default. See (13) Permission Denied for more details. One lesson learned is never forget to check the error logs, even if you know permissions are relevant from the output of the browser.
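
The parent-directory rule from this answer and from the log.log answer further up can be checked without switching users. The script below is an added example, not code from any of the answers; it assumes Linux with `stat -c`, models only classic mode bits, and the function names `class_bits` and `first_blocked` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original answers. Models classic mode bits only:
# ACLs, SELinux/AppArmor and the root override are ignored. Needs `stat -c`.

# class_bits UID "GID ..." PATH: print the rwx digit (0-7) that applies to
# that user on PATH. The kernel picks the first matching class (owner, then
# group, then other) and never combines them.
class_bits() {
    st=$(stat -c '%u %g %a' "$3") || return 2
    cb_uid=$1 cb_gids=$2
    set -- $st                       # $1=owner uid, $2=group gid, $3=octal mode
    mode=$(printf '%04d' "$3")       # pad so the special-bits digit is always first
    ugo=${mode#?}                    # drop setuid/setgid/sticky digit
    if [ "$cb_uid" = "$1" ]; then echo "${ugo%??}"; return 0; fi
    for g in $cb_gids; do
        if [ "$g" = "$2" ]; then go=${ugo#?}; echo "${go%?}"; return 0; fi
    done
    echo "${ugo#??}"
}

# first_blocked UID "GID ..." FILE [BASE]: walk from BASE (default /) down to
# FILE. Print the first directory the user cannot traverse (no x bit), or FILE
# itself if it is not writable; print nothing and return 0 if the write works.
first_blocked() {
    fb_uid=$1 fb_gids=$2 cur=${4:-/}
    rest=${3#"$cur"}; rest=${rest#/}
    while :; do
        bits=$(class_bits "$fb_uid" "$fb_gids" "$cur") || return 2
        [ $((bits & 1)) -ne 0 ] || { echo "$cur"; return 1; }
        case $rest in
            */*) cur=${cur%/}/${rest%%/*}; rest=${rest#*/} ;;
            *)   break ;;
        esac
    done
    file=${cur%/}/$rest
    bits=$(class_bits "$fb_uid" "$fb_gids" "$file") || return 2
    [ $((bits & 2)) -ne 0 ] || { echo "$file"; return 1; }
}

# Usage for the case on this page (user name and path as given in the answers):
#   first_blocked "$(id -u www-data)" "$(id -G www-data)" /home/djameson/test.txt
if [ $# -ge 3 ]; then first_blocked "$@"; fi
```

A printed directory means the fix belongs on that directory's search bit or group, not on the file's own mode.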

Correct owner/group/permissions for Apache 2 site files/folders under Mac OS X?

This is the most restrictive and safest way I've found, as explained here for a hypothetical ~/my/web/root/ directory for your web content:

  • For each parent directory leading to your web root (e.g. ~/my, ~/my/web, ~/my/web/root):
    • chmod go-rwx DIR (nobody other than owner can access content)
    • chmod go+x DIR (to allow "users" including _www to "enter" the dir)
  • sudo chgrp -R _www ~/my/web/root (all web content is now group _www)
  • chmod -R go-rwx ~/my/web/root (nobody other than owner can access web content)
  • chmod -R g+rx ~/my/web/root (all web content is now readable/executable/enterable by _www)

All other solutions leave files open to other local users (who are part of the "staff" group as well as obviously being in the "o"/others group). These users may then freely browse and access DB configurations, source code, or other sensitive details in your web config files and scripts if such are part of your content. If this is not an issue for you, then by all means go with one of the simpler solutions.


