Ubuntu
Ubuntu LAMP 權限
我剛剛安裝了 Ubuntu Server 12.10,並在安裝過程中選擇了 LAMP、OpenSSH 和郵件伺服器包。我唯一做的另一件事是通過 apt-get 安裝 nmap。我可以 SFTP 到我的伺服器,但我無權創建目錄或將文件上傳到 /var/www/。我需要做些什麼來修復它,以便我可以在這裡上傳文件?我已經閱讀了許多與此相關的不同主題,但它們都處理特定場景,並且通常涉及做我不知道該怎麼做的事情的答案,比如在目錄上設置“setgid”。我只知道如何管理伺服器的基礎知識,所以請詳細說明。謝謝!
apache2.conf:
# ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # # NOTE! If you intend to place this on an NFS (or otherwise network) # mounted filesystem then please read the LockFile documentation (available # at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>); # you will save yourself a lot of trouble. # # Do NOT add a slash at the end of the directory path. # #ServerRoot "/etc/apache2" # # The accept serialization lock file MUST BE STORED ON A LOCAL DISK. # LockFile ${APACHE_LOCK_DIR}/accept.lock # # PidFile: The file in which the server should record its process # identification number when it starts. # This needs to be set in /etc/apache2/envvars # PidFile ${APACHE_PID_FILE} # # Timeout: The number of seconds before receives and sends time out. # Timeout 300 # # KeepAlive: Whether or not to allow persistent connections (more than # one request per connection). Set to "Off" to deactivate. # KeepAlive On # # MaxKeepAliveRequests: The maximum number of requests to allow # during a persistent connection. Set to 0 to allow an unlimited amount. # We recommend you leave this number high, for maximum performance. # MaxKeepAliveRequests 100 # # KeepAliveTimeout: Number of seconds to wait for the next request from the # same client on the same connection. # KeepAliveTimeout 5 ## ## Server-Pool Size Regulation (MPM specific) ## # prefork MPM # StartServers: number of server processes to start # MinSpareServers: minimum number of server processes which are kept spare # MaxSpareServers: maximum number of server processes which are kept spare # MaxClients: maximum number of server processes allowed to start # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule mpm_prefork_module> StartServers 5 MinSpareServers 5 MaxSpareServers 10 MaxClients 150 MaxRequestsPerChild 0 </IfModule> # worker MPM # StartServers: initial number of server processes to start # MinSpareThreads: minimum number of worker threads which are kept spare # MaxSpareThreads: maximum number of worker threads which are kept spare # ThreadLimit: ThreadsPerChild can be changed to this maximum value during a # graceful restart. ThreadLimit can only be changed by stopping # and starting Apache. # ThreadsPerChild: constant number of worker threads in each server process # MaxClients: maximum number of simultaneous client connections # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule mpm_worker_module> StartServers 2 MinSpareThreads 25 MaxSpareThreads 75 ThreadLimit 64 ThreadsPerChild 25 MaxClients 150 MaxRequestsPerChild 0 </IfModule> # event MPM # StartServers: initial number of server processes to start # MinSpareThreads: minimum number of worker threads which are kept spare # MaxSpareThreads: maximum number of worker threads which are kept spare # ThreadsPerChild: constant number of worker threads in each server process # MaxClients: maximum number of simultaneous client connections # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule mpm_event_module> StartServers 2 MinSpareThreads 25 MaxSpareThreads 75 ThreadLimit 64 ThreadsPerChild 25 MaxClients 150 MaxRequestsPerChild 0 </IfModule> # These need to be set in /etc/apache2/envvars User ${APACHE_RUN_USER} Group ${APACHE_RUN_GROUP} # # AccessFileName: The name of the file to look for in each directory # for additional configuration directives. See also the AllowOverride # directive. # AccessFileName .htaccess # # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. # <Files ~ "^\.ht"> Order allow,deny Deny from all Satisfy all </Files> # # DefaultType is the default MIME type the server will use for a document # if it cannot otherwise determine one, such as from filename extensions. # If your server contains mostly text or HTML documents, "text/plain" is # a good value. If most of your content is binary, such as applications # or images, you may want to use "application/octet-stream" instead to # keep browsers from trying to display binary files as though they are # text. # # It is also possible to omit any default MIME type and let the # client's browser guess an appropriate action instead. Typically the # browser will decide based on the file's extension then. In cases # where no good assumption can be made, letting the default MIME type # unset is suggested instead of forcing the browser to accept # incorrect metadata. # DefaultType None # # HostnameLookups: Log the names of clients or just their IP addresses # e.g., www.apache.org (on) or 204.62.129.132 (off). # The default is off because it'd be overall better for the net if people # had to knowingly turn this feature on, since enabling it means that # each client request will result in AT LEAST one lookup request to the # nameserver. # HostnameLookups Off # ErrorLog: The location of the error log file. # If you do not specify an ErrorLog directive within a <VirtualHost> # container, error messages relating to that virtual host will be # logged here. If you *do* define an error logfile for a <VirtualHost> # container, that host's errors will be logged there and not here. # ErrorLog ${APACHE_LOG_DIR}/error.log # # LogLevel: Control the number of messages logged to the error_log. # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. # LogLevel warn # Include module configuration: Include mods-enabled/*.load Include mods-enabled/*.conf # Include list of ports to listen on and which to use for name based vhosts Include ports.conf # # The following directives define some format nicknames for use with # a CustomLog directive (see below). # If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i # LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %O" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent # Include of directories ignores editors' and dpkg's backup files, # see the comments above for details. # Include generic snippets of statements Include conf.d/ # Include the virtual host configurations: Include sites-enabled/
envars 文件:
# envvars - default environment variables for apache2ctl # this won't be correct after changing uid unset HOME # for supporting multiple apache2 instances if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}" else SUFFIX= fi # Since there is no sane way to get the parsed apache2 config in scripts, some # settings are defined via environment variables and then used in apache2ctl, # /etc/init.d/apache2, /etc/logrotate.d/apache2, etc. export APACHE_RUN_USER=www-data export APACHE_RUN_GROUP=www-data export APACHE_PID_FILE=/var/run/apache2$SUFFIX.pid export APACHE_RUN_DIR=/var/run/apache2$SUFFIX export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX # Only /var/log/apache2 is handled by /etc/logrotate.d/apache2. export APACHE_LOG_DIR=/var/log/apache2$SUFFIX ## The locale used by some modules like mod_dav export LANG=C ## Uncomment the following line to use the system default locale instead: #. /etc/default/locale export LANG ## The command to get the status for 'apache2ctl status'. ## Some packages providing 'www-browser' need '--dump' instead of '-dump'. #export APACHE_LYNX='www-browser -dump' ## If you need a higher file descriptor limit, uncomment and adjust the ## following line (default is 8192): #APACHE_ULIMIT_MAX_FILES='ulimit -n 65536'
您提供的文件確實提供了您正在尋找的答案二。apache2.conf 文件具有以下指令:
User ${APACHE_RUN_USER}
和Group ${APACHE_RUN_GROUP}
. 在 envars 中,這些環境變數中的每一個都被分配了值:www-data
這是基於 Debian 的發行版的預設值,例如 Ubuntu 和 Mint。這些配置指定了授予 apache 權限的使用者和組。為了能夠提供文件,apache 必須能夠讀取這些文件。因此,該
/var/www
目錄由 userwww-data
和 group擁有www-data
。為了讓外部使用者能夠寫入目錄,使用者必須:
- 以身份登錄伺服器
www-data
(不推薦)或者
- 成為該
www-data
組的成員(最佳解決方案)。唯一的另一種選擇是打開使用者目錄以允許 Apache 為外部世界提供使用者主目錄(並由使用者擁有)中的特定目錄。以這種方式提供的 URL 傳統上看起來像這樣:
http://example.com/~username/index.html