Writing to a file in /var/www/html/

Hey all,

So I have a Python Django web app that I have deployed on an internal network using Apache. Part of my web app allows the user to fill out a form - upon submit, the data is written to a json file in the home directory of my project – i.e. the data should be written to a file located in /var/www/html/project/data.json – unfortunately, I keep getting a “permission denied” error in the console.

I have tried
chmod 777 /var/www/html/project/data.json

chmod 777 /var/www/

I have also tried what this article suggested: User and Group permissions, with chmod, and Apache
However, that resulted in a 403 forbidden – which I had to restore permissions for /var/www/ back to its default.

I’ve been stuck on this problem for quite a few hours and I am not sure how to go about this. Python doesn’t seem to offer an option where I can sudo write to the file. I am not sure what to do.

Please, test with:

sudo setenforce 0

Also check the logs: system and web server.

1 Like

Not sure if this will help, but what I usually do is this:

  • I add my own user to the apache group (may not be necessary in your case, but anyway…). Note that if you do this you’ll have to logout and log back in.
  • I chown the entire project folder to me and the group (sudo chown -R user:apache /var/www/html/project)
  • I set permissions to 775 (user and group can do anything, others can’t): sudo chmod -R 775 /var/www/html/project

Let me know if it helps! =)

1 Like

I fear I do not have the ultimate solution for your problem, but maybe a step in it’s direction.
my experiences are with baikal (a dav server; now exchanged with radicale) which also needed write access in /var/www/dav.fritz.box/

rights/user/group were left to it’s defaults for /var/www/.
But for my dav-server the subdir:

chown apache:apache -Rf /var/www/dav.fritz.box

rights for the subdir “dav.fritz.box”: 755 for dir’s and 644 for files.
??? I guess Apache is writing in the subdir, not you or another user ( I’m unsure though) ???

A second point was selinux:

setsebool -P httpd_unified 1

see: SELinux Apache Security Study - Dan Walsh's Blog — LiveJournal

maybe you’re able fetch some more selinux error’s with the package “setroubleshoot”

my virtualhost conf contains

<Directory “/var/www/dav.fritz.box/html”>

 Options None
 Options +FollowSymlinks
 AllowOverride All
 Require all granted

</Directory>

I’m not very experienced with webserver config, but I guest this is needed to do something with the above subdir (writing ?) . Got this from the baikal documentation !
So please consult your Django documentations.

Lastly, some commands ?

httpd -t => check’s virtualhost config
httpd -S => syntax check
httpd -X => debugging

tail -f /var/log/httpd/* to see what apache log’s during website access

That’s all I can do for you !

3 Likes

Tried this. I still get “permission denied” – verified in console logs. Restarted computer too and apache server. Not sure if necessary to restart computer and apache server though. did it anyways for sanity check.

Ah okay, so I’ve actually come across other posts that recommend adding your own user to the apache group, but everytime I try to execute the command
sudo adduser fac apache
, this is what I get:
Usage: adduser [options] LOGIN
adduser -D
adduser -D [options]

Options:
-b, --base-dir BASE_DIR base directory for the home directory of the
new account

Is this step necessary before continuing on with the next two bullet points?

It didn’t fix my problem but gave me some hints in the right direction. Thank you.

Hi,

usermod would be better for this (i’m assuming fac is the username, please correct me if I’m wrong):

usermod -a -G apache fac

-a (appends) means fac stays a member of its current groups and also joins apache.

Thanks Tom.

2 Likes

Hi Tom,

Yes, you are correct – fac is the username.
Okay, I ran that command. I tried restarting my computer and the apache server, but I still am not able to write to the file located in /var/www/html/project/data.json.

Hi,

Whats the about of:

ls -la /var/www/html/project/ & ls -la /var/www/html/project/data.json

Thanks Tom.

1 Like

Okay, actually I just arrived at the solution.
After completing
usermod -a -G apache fac
I followed @galvao second two bullet points. This has now allowed me to write to /var/www/html/project/data.json.

– however, I’m assuming that the commands you wrote in your post will list the permissions.
For ls -la /var/www/html/project/, I get:
drwxrwsr-x. 6 fac apache 4096 Aug 5 11:27 .
drwxr-sr-x. 3 fac fac 4096 Aug 1 10:12 ..
-rwxrwxr-x. 1 fac apache 52 Aug 1 10:12 .arcconfig
drwxrwsr-x. 6 fac apache 4096 Aug 5 11:25 buttons
-rwxrwxr-x. 1 fac apache 280 Aug 5 11:27 buttons.json
drwxrwsr-x. 2 fac apache 4096 Aug 5 11:25 configuration_buttons
-rwxrwxr-x. 1 fac apache 131072 Aug 1 10:12 db.sqlite3
drwxrwsr-x. 9 fac apache 4096 Aug 1 10:12 .git
-rwxrwxr-x. 1 fac apache 819 Aug 1 10:12 manage.py
drwxrwsr-x. 5 fac apache 4096 Aug 5 11:25 stations
-rwxrwxr-x. 1 fac apache 354 Aug 1 10:12 stnconf.json

And for ls -la /var/www/html/project/data.json, I get:
-rwxrwxr-x. 1 fac apache 280 Aug 5 11:27 /var/www/html/configuration_buttons/buttons.json

I’m curious though, I did try to chmod 777 /var/www/html/, but that didn’t solve my problem. I know that this is to be avoided for security purposes but I just wanted to see if it would do the trick. However, it didn’t. I came across many SO posts recommending this (along with the warning about security) and I am very confused as to why this did not work. Do you (or anyone else reading this) know why by any chance?

Hi,

Possibly selinux

Tom.

1 Like

Okay, I’ll have to research more on that.
Thank you.

setenforce affects only runtime configuration.
It helps to find out if SELinux is involved in the issue or not.

1 Like

Oh okay, I see. Thank you for your input.

So I had to recopy changes into /var/www/html/project which means I totally deleted /var/www/html/project and ran $ cp -r project /var/www/html/. I am following the solution I arrived at to get here before but now I am unable to write to /var/www/html/project/data.json. Here is what I have done:

  1. usermod -a -G apache fac
  2. sudo chown -R user:apache /var/www/html/project
  3. sudo chmod -R 775 /var/www/html/project

Yet this is not working this time around. Any ideas as to why?

Hi,

try:

sudo chown -R fac:apache /var/www/html/project

Thanks Tom.

Okay, tried that and this is what I got:
chown: cannot access '2': No such file or directory

Hi,

Sorry that was typo (i’ll edit the post) it should have been:

sudo chown -R fac:apache /var/www/html/project

Thanks Tom.

1 Like

Ah okay, still no luck.
Console says: [Errno 13] Permission denied: u'data.json'