Hi,
To write in a folder to made possible upload file i have to add the “apache” user to a groups owner of another shared folder admin:utentilocali.
I tried to execute the command: # usermod -a -G utentilocali apache
but did’t have effect…
groups apache still apache:apache…
What i have to do to make the webserver uploading in a shared folder (…/ibay/sharedfolder…/ ) ?
it is a symlink to follow and write in it…
in the .htwritable i have to insert the full path of the subdirectory or the relative one ?
can apache user write on another shared folder ?
I have to write (upload file) in a shared folder that is shared by samba
It was so simply on debian server !.. I added the user www-data (apache webserver owner) to the group owner of the shared directory and all worked…
why on nethserver / centos i can’t add the apache user in another (secondary) group ? damn
So… it is possible or not assign a secondary group to a user ?
I use the ssh to change the group of the apache user.
I’ve try but the apache user seems fixed to only apache group.
To summarize and for other if want test the situation:
Nethserver 6.5
I have a shared folder: /var/lib/nethserver/ibay/cartellaCondivisa
The owner is “admin”, group: “utentilocali” (default from creation for the we interface)
I have a second shared folder set to be the root of apache webserver: /var/lib/nethserver/ibay/cartellaApplicazione
The owner is “admin”, group: “utentilocali”
I’ve created a symbolic link in the root folder:
:# ln -s /var/lib/nethserver/ibay/cartellaCondivisa /var/lib/nethserver/ibay/cartellaApplicazione/condivisaLink
The webserver (php/apache) it is unable to read and write the symbolic link.
How to make the webserver be able to read and write the symbolic link ?
Perhaps i’ve found why also in the nethserver 6.7 and .htwritable (invention of dev team of nethserver ?) file configured the symlinks are not signed to be writable:
.htwritable file are for using the automation from the nethserver panel.
But i don’t understand why configuring manually (via ssh) the group of a user doesn’t work… it should be the same thing… or no ?
a dirty quick answer is to let apache as the owner of the shared folder, the scripts of NS just reset the group, never the owner
@davidep is concerned by the apache user restrictions, but in some case (for wedav by example) we cannot do it without this user.
Moreover the .htwritable is hard to use since you need to write it manually on the server and probably can be modified by a samba access…a gui will be welcome…but even with that you must know and understand which folders must have a write permission.
For what it concerns me (Mod Dav) I need a full write permission to the root folder of the Ibay, eventually I would love an option for that-> (*), else I need to set apache as the owner of the shared folder.
of course if an obvious other way exists, please shout
if apache is the owner of the ibay shared folder you cannot use it by samba… or not?
To maximum comfort i use samba access (on the office lan) to update the application (update are very frequently, every two or three days).
Or another server i achieved this target by inserting the apache user in the group owner of the directory… a very simply thing.
@stephdl
So you are suggesting to set apache as the owner of the ibay shared folder… but to use it by samba access i have to insert a samba user in the apache user group…
It is evident that you don’t need to do the same tests than me, specially on a production server, but when I change the owner to Apache, I still can write in the folder after with samba.
All files and folders keeps the same ownership (apache/Samba_Owner_Group)
# ll -R /var/lib/nethserver/ibay/
/var/lib/nethserver/ibay/:
drwxrwsr-x+ 8 apache yuyu 4096 Dec 27 08:42 tutu
/var/lib/nethserver/ibay/tutu:
drwxrwsr-x+ 2 apache yuyu 4096 Dec 27 08:42 sambacreation
/var/lib/nethserver/ibay/tutu/sambacreation:
total 4
-rw-rw-r--+ 1 apache yuyu 0 Jan 28 2015 Nouveau NewFile
I noticed something interesting, probably a bug, a user created before the installation of nethserver-samba cannot reach a samba share, even if you go to the panel for allowing this user to the samba shares after the samba installation…I needed to create a new user and set him a password.
To give read and write permission to the apache (in order to upload ad see file from the web application) user i’ve inserted the apache user in the group owner of the shared folder (not the root of apache webserver). I’ve tested this solution on a server powered by debian and another powered by centos 6. But with nethserver seems doesn’t work…
and you will be able to write in the whole Ibay…but each time you will reset the permission in the Ibay Panel, or reconfigure the Ibay with the event ibay-modify, you will reset the acl