Setup for webdevelopment

Issues related to applications and software problems
christoforosK
Posts: 3
Joined: 2017/09/20 10:36:18

Setup for webdevelopment

Postby christoforosK » 2017/09/20 18:26:39

Hello,
I am new to centos7 just came from win.
I 'd like to set up my machine as a web development workstation but I can not make it. Right now I must have done something very wrong because when I go to http://localhost I get
"Forbidden
You don't have permission to access / on this server."

I really want to learn how to use this os, so I would like to point me to documentation related on how setting up a machine as web developer work station. I have seen the series "building the perfect server with ..." but this are towards a server machine.
What I would like to have is
Name virtual host,
Users of the workstation having r/w access to fiels
and If it is possible, besides serving from /var/www/html, I would the users of the machine to be able to serve web applications from their public_html director not by a url like /localhost/~/local.wepapp but by a name virtual host like "local.webapp".

any link to related docs or info would be match appreciated,

thank you,
christoforos

aks
Posts: 2498
Joined: 2014/09/20 11:22:14

Re: Setup for webdevelopment

Postby aks » 2017/09/23 18:34:06

Forbidden You don't have permission to access / on this server.


That means what it says.

1) Does the httpd server "know" the webroot? By default I think this is now somewhere under /usr/share/<something>. That's a change from C6 and previous versions.
2) Does the user running the webserver (usually either called apache or httpd), have read/execute permissions on the directory and the files (execute only required for directories not files)?
3) Have you run into an SELinux problem. Switch to permissive mode (use setenfoce command for this), try your http get and if that works, then you need to relabel those files (restorecon can help).

Users of the workstation having r/w access to fiels
and If it is possible, besides serving from /var/www/html,


I see a potential problem there:

The default webroot is no longer under var and creation/update of files will probably no longer get the SE label required for web content, by default. To do so would involve you creating your own SE policy (not hard, but you've got to learn a whole bunch of stuff before hand). You'll want to ensure that when users write to the directories/files, they get the right labels and permissions.

public_html director not by a url like /localhost/~/local.wepapp


AKA Apache's user directories module.

any link to related docs or info would be match appreciated,


The Sys Admin documentation on |RHEL 7 docs site, provides much detail on the subjects mentioned (it's under web services, towards the end of the book).

SS2000
Posts: 2
Joined: 2015/06/21 18:01:15

Re: Setup for webdevelopment

Postby SS2000 » 2017/09/26 21:07:46

Hi,
You will need to familiarise yourself with users' rights and permissions and how Apache behaves via editing its config file.
A good starting point would be this:
https://www.dedoimedo.com/computers/www ... ver-lm.pdf

christoforosK
Posts: 3
Joined: 2017/09/20 10:36:18

Re: Setup for webdevelopment

Postby christoforosK » 2017/09/28 07:08:04

The server knows about web root it is on /var/www/html and runs as user apache in group apache and the permissions are ok for this folder.
What I am trying to achieve is besides /var/www/html I am trying to serve also from /home/<user>/public_html which is known to apache from a Directory directive inside httpd.conf
Probably the problem is with permissions because /home/<User>/public_html folder belongs to User and group User and apache has no rights.
Two solution came on my mind:
1. To change ownership of /home/<user>/public_html to <User>:apache and give permissions 775 so <User> and group apache have rw access.
2. Change ownership default document root (/var/www/html) to apache:developer and add <User> to developer group with 775 permissions.
I followed the second beacouse I was afraid to change the document root.
I cant not say that I solved my problems because every time a new file is created by my IDE (Ntebeans) it is giver <User>:<User> ownership and I have to change ownership manually.

Perhaps se linux solves problems like this, I will surely have to learn it,

thanks for the info!

PS: Is it possible to have sub groups e.g .developer group as subgroup of apache or vice versa? (forgive me if what I ask is stupid, newbie here)

ahitch
Posts: 11
Joined: 2017/10/01 18:09:10

Re: Setup for webdevelopment

Postby ahitch » 2017/10/08 20:40:37

It can be done, but get your httpd server running properly first.

Permissions on those files and directories is something Linux is finicky about.
The first thing I'd recommend is to get the files you want ot publish out of the "/home" directory. That's probably going to cause headaches later, even if you get it working.

"VirtualHost" is your friend, once you get the first default page to load properly.

Check out this link pertaining to Access Control Lists.... There's a surprizing amount of malleability with Linux permissions....

http://www.softpanorama.org/Solaris/ACL/index.shtml

Best of luck!
Have fun!

christoforosK
Posts: 3
Joined: 2017/09/20 10:36:18

Re: Setup for webdevelopment

Postby christoforosK » 2017/11/05 06:28:00

the first thing I'd recommend is to get the files you want ot publish out of the "/home" directory

thanks for the answer @anitch but outside /home the files wont be editable by editable without permission modification. I need to configure the machine for web development so edit, create, delete will be in daily base and propably form an IDE so it has to be done without more effort by the user.

So I ended up to this configuration which works fine for about 2 weeks now.
First I had a user named User belonged to the group User. Apache was running as user apache and belonged to the group apache.

1. I changed apache to also belongs to the group User.
2. I changed permisson of user home directory and personal web folder ( /home/User, home/User/public_html) to rwx--x--. This way apache could access directory without be able to modify them while the User could modify them.
3. I add to apache configuration file, in my case it was /etc/httpd/conf/httpd.conf the directive

Code: Select all

<Directory "/home/User/public_html">
        AllowOverride None
        Options Indexes FollowSymLinks
        Require all granted
</Directory>

4. I use joomla mainly and I changed every site project inside /home/User/publi_html/xxxxx, folder permissions to 770 and files permissions to 660. I don't know if this is necessary or if this applies to other frameworks.

Until now this configuration works fine but any suggestion is welcome.