Understanding Linux Permissions - Apache with user "apache"

Question

I'm with some problems understanding the Linux Permissions, users/groups.

I'm running a PHP Web Application with Apache. The user running Apache is the linux user "apache".

The folder with the PHP Web Application have the files and folders assigned to the user "andre". I've assigned the user "apache" to the group "andre".

[2016-12-14 15:51:01] Espo.WARNING: E_WARNING: touch(): Unable to create file data/cache/application/cronLastRunTime.php because Permission denied {"code":2,"message":"touch(): Unable to create file data/cache/application/cronLastRunTime.php because Permission denied","file":"/var/www/somewebsitefolder/public/application/Espo/Core/Utils/File/Manager.php","line":518,"context":{"filePath":"data/cache/application/cronLastRunTime.php","defaultPermissions":{"dir":"0775","file":"0664","user":48,"group":48},"pathParts":{"dirname":"data/cache/application","basename":"cronLastRunTime.php","extension":"php","filename":"cronLastRunTime"}}} []
[2016-12-14 15:51:01] Espo.ERROR: Uncaught Exception Espo\Core\Exceptions\Error: "Permission denied for data/cache/application/cronLastRunTime.php" at /var/www/somewebsitefolder/public/application/Espo/Core/Utils/File/Manager.php line 212 {"exception":"[object] (Espo\\Core\\Exceptions\\Error(code: 500): Permission denied for data/cache/application/cronLastRunTime.php at /var/www/somewebsitefolder/public/application/Espo/Core/Utils/File/Manager.php:212)"} []
[2016-12-14 15:52:01] Espo.WARNING: E_WARNING: touch(): Unable to create file data/cache/application/cronLastRunTime.php because Permission denied {"code":2,"message":"touch(): Unable to create file data/cache/application/cronLastRunTime.php because Permission denied","file":"/var/www/somewebsitefolder/public/application/Espo/Core/Utils/File/Manager.php","line":518,"context":{"filePath":"data/cache/application/cronLastRunTime.php","defaultPermissions":{"dir":"0775","file":"0664","user":48,"group":48},"pathParts":{"dirname":"data/cache/application","basename":"cronLastRunTime.php","extension":"php","filename":"cronLastRunTime"}}} []
[2016-12-14 15:52:01] Espo.ERROR: Uncaught Exception Espo\Core\Exceptions\Error: "Permission denied for data/cache/application/cronLastRunTime.php" at /var/www/somewebsitefolder/public/application/Espo/Core/Utils/File/Manager.php line 212 {"exception":"[object] (Espo\\Core\\Exceptions\\Error(code: 500): Permission denied for data/cache/application/cronLastRunTime.php at /var/www/somewebsitefolder/public/application/Espo/Core/Utils/File/Manager.php:212)"} []
[2016-12-14 15:53:01] Espo.WARNING: E_WARNING: touch(): Unable to create file data/cache/application/cronLastRunTime.php because Permission denied {"code":2,"message":"touch(): Unable to create file data/cache/application/cronLastRunTime.php because Permission denied","file":"/var/www/somewebsitefolder/public/application/Espo/Core/Utils/File/Manager.php","line":518,"context":{"filePath":"data/cache/application/cronLastRunTime.php","defaultPermissions":{"dir":"0775","file":"0664","user":48,"group":48},"pathParts":{"dirname":"data/cache/application","basename":"cronLastRunTime.php","extension":"php","filename":"cronLastRunTime"}}} []
[2016-12-14 15:53:01] Espo.ERROR: Uncaught Exception Espo\Core\Exceptions\Error: "Permission denied for data/cache/application/cronLastRunTime.php" at /var/www/somewebsitefolder/public/application/Espo/Core/Utils/File/Manager.php line 212 {"exception":"[object] (Espo\\Core\\Exceptions\\Error(code: 500): Permission denied for data/cache/application/cronLastRunTime.php at /var/www/somewebsitefolder/public/application/Espo/Core/Utils/File/Manager.php:212)"} []
[2016-12-14 15:54:01] Espo.WARNING: E_WARNING: touch(): Unable to create file data/cache/application/cronLastRunTime.php because Permission denied {"code":2,"message":"touch(): Unable to create file data/cache/application/cronLastRunTime.php because Permission denied","file":"/var/www/somewebsitefolder/public/application/Espo/Core/Utils/File/Manager.php","line":518,"context":{"filePath":"data/cache/application/cronLastRunTime.php","defaultPermissions":{"dir":"0775","file":"0664","user":48,"group":48},"pathParts":{"dirname":"data/cache/application","basename":"cronLastRunTime.php","extension":"php","filename":"cronLastRunTime"}}} []
[2016-12-14 15:54:01] Espo.ERROR: Uncaught Exception Espo\Core\Exceptions\Error: "Permission denied for data/cache/application/cronLastRunTime.php" at /var/www/somewebsitefolder/public/application/Espo/Core/Utils/File/Manager.php line 212 {"exception":"[object] (Espo\\Core\\Exceptions\\Error(code: 500): Permission denied for data/cache/application/cronLastRunTime.php at /var/www/somewebsitefolder/public/application/Espo/Core/Utils/File/Manager.php:212)"} []
[2016-12-14 15:55:02] Espo.WARNING: E_WARNING: touch(): Unable to create file data/cache/application/cronLastRunTime.php because Permission denied {"code":2,"message":"touch(): Unable to create file data/cache/application/cronLastRunTime.php because Permission denied","file":"/var/www/somewebsitefolder/public/application/Espo/Core/Utils/File/Manager.php","line":518,"context":{"filePath":"data/cache/application/cronLastRunTime.php","defaultPermissions":{"dir":"0775","file":"0664","user":48,"group":48},"pathParts":{"dirname":"data/cache/application","basename":"cronLastRunTime.php","extension":"php","filename":"cronLastRunTime"}}} []
[2016-12-14 15:55:02] Espo.ERROR: Uncaught Exception Espo\Core\Exceptions\Error: "Permission denied for data/cache/application/cronLastRunTime.php" at /var/www/somewebsitefolder/public/application/Espo/Core/Utils/File/Manager.php line 212 {"exception":"[object] (Espo\\Core\\Exceptions\\Error(code: 500): Permission denied for data/cache/application/cronLastRunTime.php at /var/www/somewebsitefolder/public/application/Espo/Core/Utils/File/Manager.php:212)"} []

Here is my /etc/group

root:x:0:apache
apache:x:48:
andre:x:1000:apache

Should I add the user "andre" to the group "apache" to get rid of this errors?

Best Regards, André Lopes.

score 1 · Answer 1 · answered Dec 14 '16 at 17:20

Why on earth is apache member of the group root? This is highly insecure.

In general, you shouldn't just add items to groups to solve permission problems. Instead, first get a fundamental understanding how the permission system works, then think about what you want to do and why this fails. What would you gain if the user andre would be a member of the Apache group? The process runs as apache:apache, so it needs to have write permissions for either the user or group apache in whatever directory it wants to write and you can't achieve this by adding the user to the apache group.

Understanding Linux Permissions - Apache with user "apache"

1 Answers1