MediaWiki permissions issues on LAMP/Ubuntu 8.04 X86_64.
If not, for MediaWiki, I keep all my sensitive info (db user/pass, e.g.) in an external php file (outside the webroot in case my AddHandler settings ever get hosed) that I include in LocalSettings.php (it's also handy for keeping a single LocalSettings template - my external files also hold variables that I use to substitute in the 6 or 7 places in LocalSettings where they are site-specific).
On my shared host, Apache runs as my user, so permissions are not really an issue. On my local machine, I'm using XAMPP (on Mac OS X), so the permissions are a bit odd, but generally, I let the webserver own everything, then put it in my group (result: if permissions are, e.g., 600 on the shared host, they would be 660 on my local one).
On Linode, I have installed Apache, MySQL, and PHP. I have Apache working (without VirtualHosts for the moment–that seems like another project) on both port 80 and port 443 (SSL), and I've successfully installed SSL certs, etc. I've gotten my firewall set up, my SSH set to a non-standard port, etc. All that was a great learning experience, and somehow it all works--even phpmyadmin (except it takes me to a login page rather than an Auth window - still works though). I installed everything using apt-get following instructions I found on the Linode wiki (some better than others, but I tinkered until it worked). Everything seems to work except for MediaWiki (I still outsource my DNS and mail--I'm not that brave yet).
My DocumentRoot is /var/www. I tried changing the ownership/permissions on subdirectories to my username/group so that I wouldn't have to "sudo" every time I edit something. (I have since changed them back to "root").
I have enabled mod_rewrite, mod_ssl, mod_suexec, etc. (a2enable xxx)
When I try to get to my MediaWiki page, I get the following error:
Warning: include_once(/home/username/external_includes/00003/0000304elsincludes.php) [function.include-once]: failed to open stream: Permission denied in /var/www/client/00003/04/mw/LocalSettings.php on line 39
Line 39 is where I include the external file.
[removed for security]
I am redirecting to 0000304 through an .htaccess rewrite because that is what my shared host requires, and it will make migration much easier (I do the same thing on my local machine) - once (if) I'm completely moved over, I'll consider changing to an apache2.conf alias.
Here's my .htaccess file (in /var/www):
Options -Indexes
Options +FollowSymLinks
SetEnv TZ America/New_York
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^0000304/?(.*)$ /client/00003/04/mw/index.php?title=$1 [PT,L,QSA]
I have config files in /var/www/ and aliases to the common code in my /home/username/ directory to run multiple sites (saves a lot of disk space); this is no problem on my XAMPP setup at home (running on a Mac) and on the shared host from which I'm (planning to be) migrating.
I changed the owner to www-data (what I could surmise from ps -waux showing what user was running httpd), and left the group at username so that I wouldn't have to "sudo" to do anything. No luck.
I understand that I may have to "sudo", and that's fine, so long as I can get the site running….
So, I've tried the following (originally files owned by my username):
sudo chmod -R 660 LocalSettings.php
sudo chown -R root *
sudo chgrp -R root *
-same result
sudo chown -R www-data *
sudo chgrp -R www-data *
-same result.
I'm about to rip out what little hair I have left and I'm at the end of my rope in terms of searching (in vain) for any documentation on how to fix this issue.
[cut for security]
Any help would be great, thanks!
3 Replies
Then you must have proper permissions to read the file you're trying to include. To read the file '/home/lawgyont/external_includes/00003/0000304elsincludes.php', the www-data user or group must have:
* execute permission on /home
* execute permission on /home/lawgyont
* execute permission on /home/lawgyont/external_includes
* execute permission on /home/lawgyont/external_includes/00003
* read permission on /home/lawgyont/external_includes/00003/0000304elsincludes.php
It is typical for users' home directories to have execute permissions set for others (everyone), so you probably will not need to change this. Likely the easiest way to make the file itself readable by Apache (but not by everyone on the system) is:
# cd /home/lawgyont/external_includes/00003/
# chgrp -v www-data 0000304elsincludes.php
changed group of `0000304elsincludes.php' to www-data
# chmod -v 640 0000304elsincludes.php
mode of `0000304elsincludes.php' changed to 0640 (rw-r-----)
# ls -l 0000304elsincludes.php
-rw-r----- 1 root www-data 123 Mar 15 18:41 0000304elsincludes.php
I think that ought to work, but I'm not very familiar with Mediawiki…
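The permission walk described in this reply, as an added example that is not part of the original thread: a POSIX shell function that reports the first path component a given uid and group list cannot pass (search bit on each directory, read bit on the file). The function names and the optional BASE argument are assumptions of the example, and it looks only at mode bits via GNU stat.

```shell
#!/bin/sh
# Added example: report the first path component that keeps a uid/gid set
# from reading a file. Mode bits only (no ACLs/AppArmor/SELinux); GNU stat.

# has_bit MODE OWNER_UID OWNER_GID UID "GID ..." BIT   (BIT: 4=read, 1=search)
# One triad applies: owner if the uid matches, else group if any gid matches,
# else other. A more permissive later triad is never consulted.
has_bit() {
    hb_shift=0
    if [ "$4" -eq 0 ]; then return 0; fi     # root bypasses read and dir search
    if [ "$4" -eq "$2" ]; then
        hb_shift=6
    else
        for hb_g in $5; do
            if [ "$hb_g" -eq "$3" ]; then hb_shift=3; fi
        done
    fi
    [ $(( (0$1 >> $hb_shift) & $6 )) -ne 0 ]
}

# check_one PATH UID "GIDS": directories need search (x), files need read (r).
check_one() {
    co_stat=$(stat -c '%a %u %g' "$1") || return 2
    set -- "$1" "$2" "$3" $co_stat    # now $4=mode $5=owner uid $6=owner gid
    if [ -d "$1" ]; then co_bit=1; else co_bit=4; fi
    has_bit "$4" "$5" "$6" "$2" "$3" "$co_bit"
}

# first_blocker FILE UID "GIDS" [BASE]
# Prints the first blocking (or missing) component and returns 1, or prints
# "ok". BASE is an optional prefix of FILE whose own components are skipped.
first_blocker() {
    fb_file=$1 fb_uid=$2 fb_gids=$3 fb_cur=${4:-}
    if [ -z "$fb_cur" ] && ! check_one / "$fb_uid" "$fb_gids"; then
        echo /; return 1
    fi
    fb_ifs=$IFS; IFS=/; set -f
    set -- ${fb_file#"$fb_cur"}       # split the remaining path on "/"
    set +f; IFS=$fb_ifs
    for fb_part in "$@"; do
        if [ -z "$fb_part" ]; then continue; fi
        fb_cur=$fb_cur/$fb_part
        if ! check_one "$fb_cur" "$fb_uid" "$fb_gids"; then
            echo "$fb_cur"; return 1
        fi
    done
    echo ok
}
# e.g. first_blocker /path/to/include.php "$(id -u www-data)" "$(id -G www-data)"
```

Because the check is computed from `stat` output rather than by attempting the read, it can be run from any account that can stat the path, without switching to the web server user.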
Thanks for the reminder on the "x" permissions bit in higher-level directories - can't cd to read something without it….
I also moved the "include" file out of the home directory (doesn't really belong there in any case) and fixed permissions to be a bit more consistent with my other systems.