Friday, December 13, 2013

Apache Permissions - CentOS

Issues today with apache and permissions on linux.

Apparently the directories need to be WORLD executable.
This does not make sense to me, but there you go.
Note: we need permissions for groups our developers so we are setting the user to nobody and the group to myusers. Apache will use the Other or World permissions.

create an alias to setup permission in a web directory.


alias webperms="shopt -s dotglob; sudo chown -R nobody:myusers*; find . -type f -exec sudo chmod 0464 {} \; ; find . -type d -exec sudo chmod 2575 {} \; ; grep -Rl \#\!/usr/local/bin/php * | xargs sudo chmod 0474; grep -Rl \#\!/bin/bash * | xargs sudo chmod 0474; shopt -u dotglob;"

Breakdown of the aliased commands.

Show hidden files

 shopt -s dotglob;

 CREATE AN ALIAS

alias webperms

OWNED BY NOBODY AND YOUR USER GROUP. (APACHE WILL USE "OTHER")

sudo chown -R nobody:myusers *;

FILES - OWNER READ - GROUP READ WRITE - WORLD READ

find . -type f -exec sudo chmod 0464 {} \; ;

DIRECTORIES - GROUP STICKY - OWNER READ EXECUTE - GROUP READ WRITE EXECUTE - WORLD READ EXECUTE

find . -type d -exec sudo chmod 2575 {} \; ;

FIND EXECUTABLE PHP FILES AND SET GROUP PERMISSIONS TO EXECUTE

grep -Rl \#\!/usr/local/bin/php * | xargs sudo chmod 0474;

FIND EXECUTABLE BASH FILES AND SET GROUP PERMISSIONS TO EXECUTE

grep -Rl \#\!/bin/bash * | xargs sudo chmod 0474;

Hide hidden files

 shopt -u dotglob;