Koozali.org: home of the SME Server

Obsolete Releases => SME Server 8.x => Topic started by: Marco Hess on January 04, 2012, 05:10:18 AM

Title: How to give apache write permission on ibay?
Post by: Marco Hess on January 04, 2012, 05:10:18 AM

Hi All,

I am struggling with (permanently) setting the permissions on an ibay so that apache has write permissions on that ibay.

I installed a PHP app (elgg) in an ibay to serve the site for a subdomain. I go all the PHP settings configured to allow the file upload for the site:

Code: [Select]

db accounts show eastern
eastern=ibay
    AllowOverride=All
    CgiBin=enabled
    FollowSymLinks=enabled
    Gid=5059
    Group=shared
    Name=Eastern District Website
    PHPBaseDir=/home/e-smith/files/ibays/eastern/html:/home/e-smith/files/ibays/eastern/files:/tmp
    PasswordSet=no
    PublicAccess=global
    Uid=5059
    UserAccess=wr-admin-rd-group


However with these settings, PHP has no write permissions and I get PHP permission denied errors in /var/log/messages.

I can fix it with

Code: [Select]

chown -R www:www /home/e-smith/files/ibays/eastern/*
But after a reconfiguration, the permissions on the ibay revert to the configured ones on the ibay.

So what is the correct user/group configuration for an ibay through server-manager or through some "db accounts setprop" for an ibay so that a PHP app can have write permissions?

Title: Re: How to give apache write permission on ibay?
Post by: cactus on January 04, 2012, 01:07:16 PM

You have set the ibay permissions to:

admin: write
group: read

which means only the admin is able to write to the ibay. It seems that it is not possible to modify this through the webinterface, but perhaps you might be able to add the www user to the admin group through the console using this:

Code: [Select]

usermod -a -G admin www
To verify if the user is (already) member of a group you can use:

Code: [Select]

groups www

Title: Re: How to give apache write permission on ibay?
Post by: mmccarn on January 04, 2012, 02:39:53 PM

You can give write access to an ibay from server-manager by setting 'group' to 'Everyone' and 'User access via file sharing or user ftp' to 'write=group, read=everyone'.

However, if you have local users with SMB/CIFS access to your SME server, all users would also have write access to the ibay.

Title: Re: How to give apache write permission on ibay?
Post by: cactus on January 04, 2012, 02:46:44 PM

Quote from: mmccarn on January 04, 2012, 02:39:53 PM

However, if you have local users with SMB/CIFS access to your SME server, all users would also have write access to the ibay.

True, although I think based on the chosen setting OP does not want everyone to have access.

Title: Re: How to give apache write permission on ibay?
Post by: mmccarn on January 04, 2012, 02:53:18 PM

You could also grant write access for the web server to an ibay from the command line using

Code: [Select]

db accounts setprop <ibayname> Group www UserAccess wr-group-rd-everyone
signal-event ibay-modify <ibayname></code>

Title: Re: How to give apache write permission on ibay?
Post by: cactus on January 04, 2012, 03:06:39 PM

Quote from: mmccarn on January 04, 2012, 02:53:18 PM

You could also grant write access for the web server to an ibay from the command line using

Code: [Select]

db accounts setprop <ibayname> Group www UserAccess wr-group-rd-everyone
signal-event ibay-modify <ibayname></code>

That would be the better proper SME Server solution, which in fact would do more or less the same. However I am not sure of the admin will be able to modify the ibay contents then as IIRC admin is not a member of the www or apache group.