Writing to a file in /var/www/html/

kendrakvnhvn10 · August 2, 2019, 7:07pm

Hey all,

So I have a Python Django web app that I have deployed on an internal network using Apache. Part of my web app allows the user to fill out a form - upon submit, the data is written to a json file in the home directory of my project – i.e. the data should be written to a file located in /var/www/html/project/data.json – unfortunately, I keep getting a “permission denied” error in the console.

I have tried
chmod 777 /var/www/html/project/data.json

chmod 777 /var/www/

I have also tried what this article suggested: https://fideloper.com/user-group-permissions-chmod-apache
However, that resulted in a 403 forbidden – which I had to restore permissions for /var/www/ back to its default.

I’ve been stuck on this problem for quite a few hours and I am not sure how to go about this. Python doesn’t seem to offer an option where I can sudo write to the file. I am not sure what to do.

vgaetera · August 2, 2019, 7:30pm

Please, test with:

sudo setenforce 0

Also check the logs: system and web server.

galvao · August 2, 2019, 8:50pm

Not sure if this will help, but what I usually do is this:

I add my own user to the apache group (may not be necessary in your case, but anyway…). Note that if you do this you’ll have to logout and log back in.
I chown the entire project folder to me and the group (sudo chown -R user:apache /var/www/html/project)
I set permissions to 775 (user and group can do anything, others can’t): sudo chmod -R 775 /var/www/html/project

Let me know if it helps! =)

sixpack13 · August 2, 2019, 9:04pm

I fear I do not have the ultimate solution for your problem, but maybe a step in it’s direction.
my experiences are with baikal (a dav server; now exchanged with radicale) which also needed write access in /var/www/dav.fritz.box/

rights/user/group were left to it’s defaults for /var/www/.
But for my dav-server the subdir:

chown apache:apache -Rf /var/www/dav.fritz.box

rights for the subdir “dav.fritz.box”: 755 for dir’s and 644 for files.
??? I guess Apache is writing in the subdir, not you or another user ( I’m unsure though) ???

A second point was selinux:

setsebool -P httpd_unified 1

see: https://danwalsh.livejournal.com/56760.html

maybe you’re able fetch some more selinux error’s with the package “setroubleshoot”

my virtualhost conf contains
…

<Directory “/var/www/dav.fritz.box/html”>
 Options None
 Options +FollowSymlinks
 AllowOverride All
 Require all granted
</Directory>
…

I’m not very experienced with webserver config, but I guest this is needed to do something with the above subdir (writing ?) . Got this from the baikal documentation !
So please consult your Django documentations.

Lastly, some commands ?

httpd -t => check’s virtualhost config
httpd -S => syntax check
httpd -X => debugging

tail -f /var/log/httpd/* to see what apache log’s during website access

That’s all I can do for you !

kendrakvnhvn10 · August 5, 2019, 4:52pm

Tried this. I still get “permission denied” – verified in console logs. Restarted computer too and apache server. Not sure if necessary to restart computer and apache server though. did it anyways for sanity check.

kendrakvnhvn10 · August 5, 2019, 4:55pm

Ah okay, so I’ve actually come across other posts that recommend adding your own user to the apache group, but everytime I try to execute the command
sudo adduser fac apache
, this is what I get:
Usage: adduser [options] LOGIN
adduser -D
adduser -D [options]

Options:
-b, --base-dir BASE_DIR base directory for the home directory of the
new account
…

Is this step necessary before continuing on with the next two bullet points?

kendrakvnhvn10 · August 5, 2019, 5:03pm

It didn’t fix my problem but gave me some hints in the right direction. Thank you.

tjdoyle · August 5, 2019, 5:48pm

Hi,

usermod would be better for this (i’m assuming fac is the username, please correct me if I’m wrong):

usermod -a -G apache fac

-a (appends) means fac stays a member of its current groups and also joins apache.

Thanks Tom.

kendrakvnhvn10 · August 5, 2019, 6:21pm

Hi Tom,

Yes, you are correct – fac is the username.
Okay, I ran that command. I tried restarting my computer and the apache server, but I still am not able to write to the file located in /var/www/html/project/data.json.

tjdoyle · August 5, 2019, 6:25pm

Hi,

Whats the about of:

ls -la /var/www/html/project/ & ls -la /var/www/html/project/data.json

Thanks Tom.

kendrakvnhvn10 · August 5, 2019, 6:33pm

Okay, actually I just arrived at the solution.
After completing
usermod -a -G apache fac
I followed @galvao second two bullet points. This has now allowed me to write to /var/www/html/project/data.json.

– however, I’m assuming that the commands you wrote in your post will list the permissions.
For ls -la /var/www/html/project/, I get:
drwxrwsr-x. 6 fac apache 4096 Aug 5 11:27 .
drwxr-sr-x. 3 fac fac 4096 Aug 1 10:12 ..
-rwxrwxr-x. 1 fac apache 52 Aug 1 10:12 .arcconfig
drwxrwsr-x. 6 fac apache 4096 Aug 5 11:25 buttons
-rwxrwxr-x. 1 fac apache 280 Aug 5 11:27 buttons.json
drwxrwsr-x. 2 fac apache 4096 Aug 5 11:25 configuration_buttons
-rwxrwxr-x. 1 fac apache 131072 Aug 1 10:12 db.sqlite3
drwxrwsr-x. 9 fac apache 4096 Aug 1 10:12 .git
-rwxrwxr-x. 1 fac apache 819 Aug 1 10:12 manage.py
drwxrwsr-x. 5 fac apache 4096 Aug 5 11:25 stations
-rwxrwxr-x. 1 fac apache 354 Aug 1 10:12 stnconf.json

And for ls -la /var/www/html/project/data.json, I get:
-rwxrwxr-x. 1 fac apache 280 Aug 5 11:27 /var/www/html/configuration_buttons/buttons.json

I’m curious though, I did try to chmod 777 /var/www/html/, but that didn’t solve my problem. I know that this is to be avoided for security purposes but I just wanted to see if it would do the trick. However, it didn’t. I came across many SO posts recommending this (along with the warning about security) and I am very confused as to why this did not work. Do you (or anyone else reading this) know why by any chance?

tjdoyle · August 5, 2019, 7:12pm

Hi,

Possibly selinux

Tom.

kendrakvnhvn10 · August 5, 2019, 7:25pm

Okay, I’ll have to research more on that.
Thank you.

vgaetera · August 5, 2019, 8:59pm

setenforce affects only runtime configuration.
It helps to find out if SELinux is involved in the issue or not.

kendrakvnhvn10 · August 5, 2019, 9:40pm

Oh okay, I see. Thank you for your input.

kendrakvnhvn10 · August 12, 2019, 6:03pm

So I had to recopy changes into /var/www/html/project which means I totally deleted /var/www/html/project and ran $ cp -r project /var/www/html/. I am following the solution I arrived at to get here before but now I am unable to write to /var/www/html/project/data.json. Here is what I have done:

usermod -a -G apache fac
sudo chown -R user:apache /var/www/html/project
sudo chmod -R 775 /var/www/html/project

Yet this is not working this time around. Any ideas as to why?

tjdoyle · August 12, 2019, 6:17pm

Hi,

try:

sudo chown -R fac:apache /var/www/html/project

Thanks Tom.

kendrakvnhvn10 · August 12, 2019, 6:52pm

Okay, tried that and this is what I got:
chown: cannot access '2': No such file or directory

tjdoyle · August 12, 2019, 7:27pm

Hi,

Sorry that was typo (i’ll edit the post) it should have been:

sudo chown -R fac:apache /var/www/html/project

Thanks Tom.

kendrakvnhvn10 · August 12, 2019, 7:52pm

Ah okay, still no luck.
Console says: [Errno 13] Permission denied: u'data.json'