PHP and MySQL seem to working on my CentOS installation. I'd like to install phpMyAdmin as well, so I downloaded the necessary files from phpMyAdmin's homepage and copied them to /var/www/html...
... except that's where the process stopped. My regular user account doesn't have permission to write into the /var/www/html folder.
Should I just chmod the folder to 777? Is there a reason it's not already user accessible?
This is a local machine where I'll be testing web pages of my own design, and not accessible from the web.
Or at least I hope not. If I'm running an Apache server just for local files, it's not being seen on the web, is it?
Dave
On Tue, Sep 20, 2005 at 01:06:16AM +0900, Dave Gutteridge enlightened us:
PHP and MySQL seem to working on my CentOS installation. I'd like to install phpMyAdmin as well, so I downloaded the necessary files from phpMyAdmin's homepage and copied them to /var/www/html...
... except that's where the process stopped. My regular user account doesn't have permission to write into the /var/www/html folder.
Should I just chmod the folder to 777? Is there a reason it's not already user accessible?
This is a local machine where I'll be testing web pages of my own design, and not accessible from the web.
Or at least I hope not. If I'm running an Apache server just for local files, it's not being seen on the web, is it?
You probably don't want world write permissions on your publicly accessible directory. Ever. If anyone finds a bug in apache/php/etc, it makes their life a whole lot easier.
Generally with phpMyAdmin, I do the following (as root):
1. Extract the tarball in /var/www, resulting in /var/www/phpMyAdmin-2.X.X
2. Create a phpmyadmin.conf file in /etc/httpd/conf.d directory that contains the line:
Alias /phpMyAdmin "/var/www/phpMyAdmin-2.X.X"
This lets me try out new versions without losing old versions, etc, just by changing the Alias in the conf file. Don't forget to reload apache after adding the file (/sbin/service httpd graceful)
As a general rule, anything that is happening "globally" on the system will have to be performed with superuser permissions (either by becoming root via "su -", or by using the sudo command). In this specific case, if you wanted to do it only using your user privelidges, you would have to install phpMyAdmin into your home directory ($HOME/public_html).
Matt
On Tue, 2005-09-20 at 01:06 +0900, Dave Gutteridge wrote:
... except that's where the process stopped. My regular user account doesn't have permission to write into the /var/www/html folder.
Should I just chmod the folder to 777? Is there a reason it's not already user accessible?
I'm not going to tell you what to do, because I'm not entirely certain what best practices on this would be. I'll just tell you what I do. What I do is this. First off, in the case of applications like phpMyAdmin (which may be easier to install via yum, if it's in there, can't recall), I let the application go where it's supposed to go. Same with CVSWeb, etc. So I wouldn't have to touch it, because it would be readable by "other", so like 755, which is what /var/www/html is to start with. So for applications like that I don't need to change permissions.
For my personal applications I usually create a group for web development. Then I put myself in that group and I create a directory under /var/www/sites/ (a folder I create with root) for my application which I think make 775 with ownership of root:<webdevgroup>. This way I can freely copy files into that directory, without modifying the permissions of /var/www/html. Then, as I mentioned earlier I setup a virtual host for this directory. I explained that in an earlier thread. That way when I go to http://mytestingserver I get that directory served up to me as if it were a root URL. I can copy files in, etc. and I'm not messing around with any of the pre-installed directories.
That's what I do, but I'm not sure what best practices are. I go that extent, mostly because I know I'll end up working on 5 or 6 other sites, so they all need to have their own directory. Plus it just feels cleaner to put them in separate directories, then use virtual hosts. Whether it is or not, maybe someone else can answer.
Preston
On 9/19/05, Dave Gutteridge dave@tokyocomedy.com wrote:
PHP and MySQL seem to working on my CentOS installation. I'd like to install phpMyAdmin as well, so I downloaded the necessary files from phpMyAdmin's homepage and copied them to /var/www/html...
... except that's where the process stopped. My regular user account doesn't have permission to write into the /var/www/html folder.
Some things to consider here. You may want to make a web group, add your user to it, and make /var/www/html writeable by members of that group. then you won't need to be root, or worry about any other users who should not have access connecting.
Should I just chmod the folder to 777? Is there a reason it's not already user accessible?
No. this is a bad idea. It's not user accessible to protect it from users. you don't want people being able to rewrite files without making sure they should be able to. If you change the permissions as you say, there's nothing to stop a malicious user from rewriting it to break, email passwords to them, alter your db, etc...
This is a local machine where I'll be testing web pages of my own design, and not accessible from the web.
good. php-myadmin should NOT be wide open to the world.
Or at least I hope not. If I'm running an Apache server just for local files, it's not being seen on the web, is it?
Depends on how you have your config set. You could add a section to httpd.conf and restrict myadmin to local network ips, or ideally, just localhost.
I'd also recommend only making it accessible over https, using cookie or http based auth instead of config based auth etc.
If you want more detail on anything I'v mentioned, let me know. I'm being brief because I'm not sure which way you want to go yet.
-- Jim Perrin System Administrator - UIT Ft Gordon & US Army Signal Center
On Mon, 2005-09-19 at 11:06, Dave Gutteridge wrote:
PHP and MySQL seem to working on my CentOS installation. I'd like to install phpMyAdmin as well, so I downloaded the necessary files from phpMyAdmin's homepage and copied them to /var/www/html...
... except that's where the process stopped. My regular user account doesn't have permission to write into the /var/www/html folder.
When you are installing programs you generally need to run as root.
Should I just chmod the folder to 777? Is there a reason it's not already user accessible?
Most places should not be world-writable. Better to change ownership to whoever needs to write and make it writable by owner or group. If it doesn't matter who sees it, you can make it world readable.
This is a local machine where I'll be testing web pages of my own design, and not accessible from the web.
Or at least I hope not. If I'm running an Apache server just for local files, it's not being seen on the web, is it?
That depends on your firewalls and routing. If you have a public address, it probably is.
On my computer, really the only user is me, sometimes being a regular user, and sometimes being a super user.
Should I make a group that includes me in regular user mode, or somehow grant permissions to me as an individual.
And... um... how do I do that?
Is it: chmod 775 -R /var/www/html/
...?
Dave
On Wed, 2005-09-21 at 11:22 +0900, Dave Gutteridge wrote:
On my computer, really the only user is me, sometimes being a regular user, and sometimes being a super user.
Should I make a group that includes me in regular user mode, or somehow grant permissions to me as an individual.
And... um... how do I do that?
Is it: chmod 775 -R /var/www/html/
---- I find that it's safer to not use octals but rather absolutes...
chmod g+w -R /var/www/html
but I would think in your situation, you might want to create a symlink to a folder within your home directory...
mkdir /home/dave/web-files chmod g+w,o+w /home/dave/web-files ln -s /home/dave/web-files /var/www/html/web-files
and to access, you would point mozilla to localhost/web-files
this may cause some issues with SELinux - you might have to permission that directory for SELinux http://fedora.redhat.com/docs/selinux-apache-fc3/
Craig
On Tue, 2005-09-20 at 21:22, Dave Gutteridge wrote:
On my computer, really the only user is me, sometimes being a regular user, and sometimes being a super user.
Should I make a group that includes me in regular user mode, or somehow grant permissions to me as an individual.
Individual is easier unless you expect to need to extend access to others.
And... um... how do I do that?
chown -R username target
Is it: chmod 775 -R /var/www/html/
If you need to change access permissions also, the symbolic modes are easier to remember. For example:
chmod u+rw ... add read and write access for user (owner) chmod o+r ... add read access for other (everyone) chmod o-w ... remove write access for other.
Thank you everyone for the clear advice. I'm still working out some details.
One thing I was wondering about. It keep all my documents and everything I do within my /home/dave/ folder. It's nice when backing up to just be able to copy the one folder to disc and know I've got everything.
If my local copy of my web sites is over in /var/www/html/ then that's another place I have to remember to back up. Sure, I could do it, but I thought there might be another approach.
What if I make an "html" folder in my /home/dave/ folder, and then alias my /var/www/html folder to that? Would that be a bad thing? Would it be possible?
Dave
On Wed, 2005-09-28 at 09:35 +0900, Dave Gutteridge wrote:
Thank you everyone for the clear advice. I'm still working out some details.
One thing I was wondering about. It keep all my documents and everything I do within my /home/dave/ folder. It's nice when backing up to just be able to copy the one folder to disc and know I've got everything.
If my local copy of my web sites is over in /var/www/html/ then that's another place I have to remember to back up. Sure, I could do it, but I thought there might be another approach.
What if I make an "html" folder in my /home/dave/ folder, and then alias my /var/www/html folder to that? Would that be a bad thing? Would it be possible?
---- I believe that you will find that I suggested that very thing 6 days ago - check the archive
Craig
I believe that you will find that I suggested that very thing 6 days ago
- check the archive
Yes, you did. I'm sorry for having overlooked that.
Partly the reason was because I had some other ideas in my head which were confusing the issue for me. But I've thought it over, and I was making the situation unneccesarily complex.
Your suggestion will do what I'm hoping to do.
Thank you for explaining it. And, again, sorry for not having grasped it earlier when I should have.
Dave
-
Craig White -
Dave Gutteridge -
Jim Perrin -
Les Mikesell -
Matt Hyclak -
Preston Crawford