Score:1

Apache file ownership and envvars

lk flag

I use Ubuntu 20.04. I have edited /etc/apache2/envvars to change the run user to userA: export APACHE_RUN_USER=userA

When I run this PHP script from W3 Schools to upload a file, the upload works - but the owner of the file is not userA as I intend. It remains www-data.

Yet: sudo apache2ctl -S reports User: name="userA" id=1002, as set in envvars.

So why does www-data own the file, and not userA? What is determining file ownership? FWIW, the permissions of the directory into which the file is uploaded are 774, and ownership is userA:www-data. "Set UID" and/or "Set GID" on the directory had no impact either.

If I drag and drop a file in the directory with WinSCP (using ssh), the ownership is userA:userA (yes, userA is a member of both the userA group and www-data group). If I Set GID and drag and drop, the owner is userA:www-data.

ru flag
Did you restart the Apache process entirely? (`sudo systemctl daemon-reload && sudo systemctl restart apache2.service`) If you haven't then it won't have loaded everything 'new' nor will it have restarted the processes to run as `userA`
ru flag
Check the `htop` output and set it to "tree" format in the htop setup - check what the subprocesses of Apache are running as - `userA` or `www-data` as well.
shortmort37 avatar
lk flag
I did stop it entirely - I even resorted to rebooting, to no avail. But I also posted this to StackOverflow, they suggest I should be looking at php-fpm, which sets permissions and ownership independent of apache: https://stackoverflow.com/questions/67892965/ubuntu-20-04-apache-file-ownership-and-envvars
ru flag
How'd you install PHP to begin with? Normally people just use the PHP that's bundled inside Apache. If you have `php-fpm` set up then that's something we need to know because FPM *isn't* the default PHP mechanism in Apache. And there's no way to determine if you are or aren't unless you share your configs with us.
shortmort37 avatar
lk flag
@ThomasWard, all of the apache processes are running as userA (except for one as root). There are several www-data processes running, all as www-data. In running phpBB, I have had occasion where I've needed to switch between different PHP versions in different environments - so I've followed the instructions listed here: https://devanswers.co/run-multiple-php-versions-on-apache/
shortmort37 avatar
lk flag
I am also running Ubuntu. This article states that PHP does *NOT* come bundled with apache: https://www.serverlab.ca/tutorials/linux/web-servers-linux/installing-php-for-apache-on-ubuntu/
ru flag
Um... it depends on how you install it. Apache2 doesn't come with Apache by default, yes, however MOST people install the Apache PHP plugin rather than using php-fpm with Apache, because it's simpler. (Fun fact: it goesback to the statement I made of "It depends how you installed PHP")
shortmort37 avatar
lk flag
Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/126285/discussion-between-shortmort37-and-thomas-ward).
Score:1
ru flag

So, this will depend heavily on how you do your PHP.

There's two typical approaches to this with Apache, and each have different considerations to fix this issue with permissions.


Embedded php module in Apache

This is the simplest solution to get Apache to work with PHP. PHP runs within Apache, and runs as the Apache configured user.

sudo apt install libapache2-mod-php
sudo a2enmod php
sudo systemctl restart apache2.service

PHP FPM

PHP FPM is the other option - you would install the php-fpm package, but you'll also need extra work with Apache to make it work.

sudo apt install libapache2-mod-fcgid php-fpm

You then need to enable the FCGId module in Apache, as well as the alias and proxy_fcgi modules:

sudo a2enmod actions fcgid alias proxy_fcgi

For Ubuntu 20.04, PHP is 7.4, so you will need to add this to your server configuration wherever you're using php-fpm:

    <FilesMatch \.php$>
        # 2.4.10+ can proxy to unix socket
        SetHandler "proxy:unix:/var/run/php/php7.4-fpm.sock|fcgi://localhost"
    </FilesMatch>

This must be within your <VirtualHost ...> blocks wherever you're using PHP.

You then must adjust /etc/php/7.4/fpm/pool.d/www.conf to make it use the user you intend to - look for the user = www-data line, and adjust this to the user you want. I would comment this line out and then put your user defined one underneath it, but that will change the user in use by php-fpm for it to read/write with.


Either of these approaches will fix your PHP user/group that it writes/creates files with - it just depends how you install PHP - Apache embedded module, or FPM.

shortmort37 avatar
lk flag
Thank you, @ThomasWard. I favor running PHP within Apache; I've made an attempt to apt remove php-fpm (and purge), but it still appears to be running. A subsequent remove attempt reports that it is not installed, so that's puzzling. I've even rebooted, but htop reports it running. In any event: I attempted to follow the embedded PHP instructions. "sudo apt install libapache2-mod-php" went smoothly, but the a2enmod command reports "ERROR: Module php does not exist!" I am thoroughly confused now.
ru flag
`sudo apt purge 'php*-fpm'` might help remove the FPM components. `php-fpm` is a metapackage, pulls in `php7.4-fpm` on Ubuntu, so you need to do a more broad purge. Or just purge `php7.4-fpm`.
shortmort37 avatar
lk flag
quite right! That purge eliminated fpm, it no longer appears in htol. All is now well. Many thanks!
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.