HOWTO Write to a Web Directory
From SEDSWiki
Contents |
Introduction
The apache process runs using the _www user. Any scripts or modules that write from the apache process must take special care to only use properly permissioned directories and to use the proper apache directives on those directories.
Directory Permissions
The _www group needs to have rwx permissions to allow apache to write to the directory.
If the _www group is not already set on the directory use
- chgrp _www <directory>
where <directory> is the path to the directory
Then make sure all the permissions for the _www group are on
- chmod 774 <directory>
The resulting output should look like this:
- drwxrwxr-- 4 <username> _www 136 Jun 3 01:56 <directory>
Apache Directives
You also need to set directives on your _www writeable directory so that scripts cannot be executed in that directory. This is very important for ensuring security on the SEDS web server.
You will find the configuration file for your site in
- /opt/local/apache2/conf/sites
Add a Directory entry for each writeable directory in your site that looks like this
- <Directory "<directory>">
- AllowOverride None
- Options -ExecCGI
- php_flag engine off
- </Directory>
To initiate these changes you will need to gracefully restart apache using the following command
- /opt/local/apache2/bin/apachectl graceful
Notes
The directives can also be issued using a .htaccess file within the directory but for performance reasons adding the directives to your site configuration is the preferred method. If you do use .htaccess then you do not need to perform a graceful restart.
It is actually much safer to write files to a directory which is outside of your apache directory. In cases where you do not need to have the written files accessible on the web you should choose to write them outside of the html directory. In this case you will still need to set the permissions on the directory properly but will not need to set any apache directives on that directory.
