[CentOS] apache docroot permissions

Kai Schaetzl maillists at conactive.com
Wed May 4 20:49:14 UTC 2011


Johan Martinez wrote on Wed, 4 May 2011 14:49:52 -0500:

> Thanks for the suggestions Richard and Kenneth. I installed drupal here and
> it requires user running apache to have write access on filesystem.

Assuming you are running mod_php and safe_mode: that is probably because of 
PHP safe_mode. You didn't tell you were going to write to that area with 
drupal. That's a completely different picture then! You really have to give 
the complete picture.

In PHP safe_mode you can:
a) have all php files and the write area owned by apache
b) have all php files owned by a user and the write area writable by apache 
but owned by the user (*)
c) have all php files owned by the user, group-owned by apache and the write
-area group-owned by apache and owned by the user and use safe_mode_gid 
instead of safe_mode.

(*) this doesn't work if you create subdirectories because they get the wrong 
permissions and apache can't pass thru

I think the most-used scenario is b). You will have to do some research to 
see what fits your setup best. (php.net/safe_mode). Also note that safe_mode 
is discouraged "officially" now since it isn't 100% reliable. However, I 
strongly advise using it if possible as long as it is available.

Kai





More information about the CentOS mailing list