Apache symlinked to home directory – Permission Errors

im having a few problems symlinking my /var/www/ to a new Webroot directory inside my home folder. I think these stem from my lack of understanding of linux permissions.

As far as im aware, symlinks should take the form of the directory you want to linked and the directory you want to be linked to, so in my case, i ran:

sudo ln -s ~/Webroot/* /var/www/

this has sort of worked, if i run ls on /var/www/ i can see all of the files in my Webroot directory.

Whenever i try to run a file that is in my Webroot folder, i get a 403 permission error, is this because the files in my Webroot directory are created by me, and the apache instance is being run as www-data?

if this is the case, would this mean i need to change the permissions on every file i create in order to run it?

I have previously run a local apache instance my pointing the directory root of my default vhost to the Webroot folder, in this instance i did not need to alter any permissions. Any help would be appreciated.

Asked By: richzilla


I did near the same thing with Debian Lenny, but I changed to non-hax mode, I’ve configured apache correctly. But with symlink:

$ ll /home
drwxr-xr-x  8 root   root   4,0K nov 14 14.59 .
drwxrwxrwx  7 root   root   4,0K nov 14 21.24 www -> /var/www

I think you should check the permisson of the ~ and the ~/Webroot, I think your dir(~) is read protected, I mean, you have to run this:

$ ls -la /home

To set the right permissinons, use:

# chmod 755 /home
# chmod 755 /home/<YOURNAME>
# chown <YOURNAME>:www-data -R /home/<YOURNAME>/Webroot
# chmod 775 -R /home/<YOURNAME>/Webroot

I think, it should help, but give me more info about this. I suggest you, to get out the Webroot from your dir, ex. to /home like me, because it can be security problem.

“#” means root permisson, ex. write sudo before the commands;
“$” means single user permisson

Answered By: antivirtel

This is not a good practice to achieve what you want.

If you are using PHP, you might want to take a look at suexec, suphp or php-fpm and fastcgi.

You are right about your issue, this is a permission issue in the fact that your Webroot files are owned by a different user than www-data.

Here is a not-so-bad solution to workaround your problem. Note that you will probably need to use sudo or login as root. Make sure you fully understand all of the commands you will be executing!!

Change your Webroot folder and subfolders and files to have the group ownership set to www-data and set the proper permissions:

# set the group ownership to be www-data
chgrp -R www-data /path/to/home/Webroot/
# make sure www-data has read & write permissions (change it to `g=r` if you want to only give read-only access)
chmod -vR g=rw /path/to/home/Webroot/
# make sure www-data can access the folders by adding the group execute bit field to directories
find /path/to/home/Webroot/ -type d -print0 | xargs -0p chmod -v g+x

Edit: Note that you will certainly need to run those commands again if you add files/folders using your regular user account.

Answered By: Weboide

This is not a good practice, I agree with Weboide. But there is a simple way to achieve this goal.

1). enable the Apache userdir module.

sudo  a2enmod userdir

this will enable Apache userdir module. This module allows user-specific directories to be accessed using the http://example.com/~user/ syntax.

Now you can put the contents of website in ~/Webroot/ or whatever inside your home directory.

Note: The default folder is ~/public_html

2). Make necessary changes to /etc/apache2/mods-enabled/userdir.conf.

3). Restart the apache

sudo /etc/init.d/apache2 restart

Now you can access the site by navigating your browser to http://ip-address/~username. You can also set a virtual host for this site.

If you are looking to run php files you need to do one more step

edit the /etc/apache2/mods-enabled/php5.conf and comment the following lines:

 <IfModule mod_userdir.c>
        <Directory /home/*/public_html>
            php_admin_value engine Off

Then restart the apache.

Thats it. You are done.

Ref: https://wiki.ubuntu.com/UserDirectoryPHP

Hope this helps. If you face any difficulties feel free to post it here.

Answered By: aneeshep

You must check permissions not only about your destination, but also its parents.

Answered By: zVictor

I was faced with this issue. But I didn’t like the idea of changing the group of my home directory to www-data. This problem can simply be solved by modifying the configuration file for the virtualHost.
Simply configure the Directory tag to include these

<Directory "your directory here">
   Order allow,deny
   Allow from all
   Require all granted

The Require all granted is a new feature I guess; having a default value of denied.

See this page for reference: http://httpd.apache.org/docs/current/mod/core.html#directory

Answered By: Peter
Categories: Answers Tags: , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.