WebServer Permission problem, Ubuntu & Lighttpd


If you are using the Ubuntu package and didn't change things too much, the running process name should be lighttpd and the default user and group names are both www-data. Check the server.username and server.groupname entries in your config file (/etc/lighttpd/lighttpd.conf) to be certain.

Running ps -fC lighttpd should tell you if it is running and the user id that it is running as. On my system the output looks like

    rik@mary:/home/rik$ ps -fC lighttpd
    UID        PID  PPID  C STIME TTY          TIME CMD
    www-data   667     1  0 03:50 ?        00:00:00 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf

Everything you want displayed under your document-root should be readable by the www-data user and the directories need to be executable by www-data as well. To test this you may want to try using find as the user www-data. The sudo command can help with this. sudo -u www-data find /var/www/sites/mysite.com/http/media/css/ should succeed. If not, try again one step up with sudo -u www-data find /var/www/sites/mysite.com/http/media/ and so on until find can return file and directory names. Once there, run the chown and chmod commands against that directory without the -R (recursive) flag. Then test again.

If you are comfortable with all of the files and directories under /var/www/sites/mysite.com/http/media being readable by anyone, you may want to chmod all the files as 644 and the dirs as 755. If you have files that need to have the execute bit set this can be a bit more of a problem unless they all have distinctive extensions. This is done using the -type, -exec, and -name flags like:

    chown -R id:www-data /var/www/sites/mysite.com/http/media
    find /var/www/sites/mysite.com/http/media -type d -exec chmod 755 {} \;
    find /var/www/sites/mysite.com/http/media -type f -exec chmod 644 {} \;
    find /var/www/sites/mysite.com/http/media -type f -name '*.php' -exec chmod 755 {} \;

If you don't want lighty to access other files and/or dirs in the tree, you will need to handle things differently. It is always easier if you keep files you want readable in a different directory from those you want kept out of the public eye.
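
A top-down variant of the check described in the answer, as an added example that is not part of the original answer: it reads owner, group and mode with GNU stat and reports the first path component that would stop a given uid from reaching a file. The function names perm_digit and first_blocked are hypothetical, and the result reflects mode bits only.

```shell
# Added example, not from the original answer. Assumes GNU stat (as on Ubuntu).
# Looks only at owner/group/mode; ACLs and AppArmor profiles are not considered.

# perm_digit UID "GID GID ..." FILE: print the rwx digit (0-7) that applies to UID.
perm_digit() {
    pd_st=$(stat -c '%u %g %a' -- "$3") || return 2
    pd_owner=${pd_st%% *}; pd_rest=${pd_st#* }
    pd_group=${pd_rest%% *}; pd_mode=${pd_rest#* }
    pd_m=$(( pd_mode % 1000 ))            # drop the setuid/setgid/sticky digit
    if [ "$1" = "$pd_owner" ]; then echo $(( pd_m / 100 )); return 0; fi
    for pd_g in $2; do
        if [ "$pd_g" = "$pd_group" ]; then echo $(( pd_m / 10 % 10 )); return 0; fi
    done
    echo $(( pd_m % 10 ))
}

# first_blocked UID "GIDS" BASE RELPATH
# Checks BASE, then each component of RELPATH below it. A directory needs x
# (search) and the final file needs r. Prints the first blocking path and
# returns 1; prints nothing and returns 0 when the whole chain is passable.
first_blocked() {
    fb_cur=$3; fb_rest=$4
    while :; do
        fb_d=$(perm_digit "$1" "$2" "$fb_cur") || { echo "$fb_cur (cannot stat)"; return 1; }
        if [ -d "$fb_cur" ]; then fb_need=1; else fb_need=4; fi
        if [ $(( fb_d & fb_need )) -eq 0 ]; then echo "$fb_cur"; return 1; fi
        if [ -z "$fb_rest" ]; then return 0; fi
        fb_cur=${fb_cur%/}/${fb_rest%%/*}
        case $fb_rest in */*) fb_rest=${fb_rest#*/} ;; *) fb_rest= ;; esac
    done
}

# Usage with the user and path from this page:
#   first_blocked "$(id -u www-data)" "$(id -G www-data)" \
#       /var/www/sites/mysite.com/http media/css/style.css
```

With the drwxr----- directories shown in the question, this prints the css directory, because the group class has read but not execute on it.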

Admin
Author by

Admin

Updated on September 17, 2022

Comments

  • Admin
    Admin over 1 year

    Just setup lighttpd on Ubuntu 9.04, but struggling with the permissions. The website loads fine, as I am using Fast CGI, however my media (JavaScript, CSS, images) won't load.

    I enabled the logging option in the config file:

    debug.log-request-handling = "enable"

    I get the following in the log file:

    2009-08-16 02:42:27: (response.c.473) -- handling physical path
    2009-08-16 02:42:27: (response.c.474) Path : /var/www/sites/mysite.com/http/media/css/style.css
    2009-08-16 02:42:27: (response.c.520) -- access denied

    I then went and checked the permissions on all those directories, changed them so the www-data group has permission, but I still get 403 forbidden errors and errors in the log file.

    I ran:

    chgrp -R id:www-data css/
    chmod -R g+rx css/

    and ls -l

    > [email protected]:/var/www/sites/mysite.com/http/media$ ls -l
    > total 12
    > drwxr----- 2 id www-data 4096 Aug 16 01:59 css
    > drwxr----- 2 id www-data 4096 Aug 16 02:00 images
    > drwxr----- 3 id www-data 4096 Aug 16 02:00 js
    

    Tried granting the www-data user rwx permissions as well, and still get forbidden errors.

    How can I fix this? It's possible that the server is not using the www-data user, how can I check that it's running under this user?

  • Paolo
    Paolo almost 15 years
    Hey man, thanks, that worked. And there are no executable files in the /media directory. Though isn't setting 755 the same as using g+rwx?
  • David
    David almost 15 years
    @ID. No, 755 = rwxr-xr-x. rwx = 777. Also, the permissions on directories don't mean the same thing they do on files. The chmod manpage explains the differences.
  • Rik Schneider
    Rik Schneider almost 15 years
    @ID No, it isn't. g+rwx changes group permissions to allow the owning group to read, write, and execute a file or directory. That would make the group permission number 7 not 5. ls -l would show it as rwx not r-x. In order to enter a directory you must have permissions to execute it. For directories: Read allows you to determine what is in a directory, write allows you to create new files, and execute allows you to use the files and directories underneath. For files the permission labels are pretty much self explanatory.
  • Hanno Fietz
    Hanno Fietz over 11 years
    That testing procedure with find is a great idea, and will help me to more quickly debug a whole class of problems like this. I have struggled with similar issues before.