- Published on
Fixing forbidden errors in servers.
- Authors
- Name
- Karani John
- @MKarani_
Sometimes, nginx or apache2 will often slap you with the forbidden error html page after you have deployed. This will usually happen when you are new to the whole server deployment and configuration. It can also happen locally when you are having fun configuring the servers. It works on the development server but not the deployment server. In this article we will discuss linux file and directory permission commands that will help you fix the forbidden error messages.
its friday, its blog day
That 403 page after a few hours of configuring the server will always frustrate you. You wonder why it should work on your machine and not on your vps or even the apache server you have locally and want to enjoy the <project>.localdomain. The issue is usually permission issues with linux which is good and kinda frustrating when beginning. I'll focus primarily on isssues with permissions. I can discuss deployment to a server on a different article maybe. Let's dive in.
user and group
Linux organises users into groups. Users will belong to a primary group and can be added to to secondary groups. When a user creates a file, the user becomes the owner of the group and the file is added to the user's primary group. This is how linux will organize for security of files.
The command ls -l will often show you the user:group eg for my case its *karani:karani as shown below
Some examples of user groups can be gotten by running:
cat /etc/group
www-data
When apache2/nginx runs(ubuntu), it typically runs as www-data user and www-data group. As I mentioned, that means it doesn't have permissions on certain paths since they belong to a different user and group. In my case I use laravel and will often have to chown(change ownership) and if that does not work chmod change mode will come to the rescue.
Change Ownership(chmown) will usually take the user and group split by a colon and then the path of the file. When only a user is given, only the ownership will change and not the group. It usually transfers ownership to a different group/user. This will allow the user eg ``www-data` to perfrom various operations like read, write and execute.
More often, we only have to change ownership and it should sort out the access denied error when you go to check your browser.
sudo chown www-data:www-data /path
In the case for laravel apps, we need to :
N chown -R www-data:www-data path-to storage path-to-bootstrap/cache path to database(when using sqlite)
The -Roption allows for operation of files recursively and that should be it for most of the cases. You usually don't need to run more commands especiallly when working in the ``var/www/` directory.
But again,
Its code, you can't expect it to always work. We spend more time configuring things to work. So let's talk about the next command:
> chmod
Usually you have done this a couple of times, take a command and paste. You don't even man <command> to see what it does. We just want things to work. chmod was one of those for me. I just wanted it to work.
chmod -R xxx /path
This command changes the permissions of a file or directory. In my computer it doesn't bother me(it should) to run something I copied. But in a setting where you have a few users using the same system, its important to know what these commands mean. The command takes 3 digits xxx and here is a breakdown:
- Owner Permissions (first digit):
- 4: Read (
r) permission - 2: Write (
w) permission - 1: Execute (
x) permission
- Group Permissions (second digit):
- 4: Read (
r) permission - 2: Write (
w) permission - 1: Execute (
x) permission
- Others Permissions (third digit):
- 4: Read (
r) permission - 2: Write (
w) permission - 1: Execute (
x) permission
If I want to give www-data (user) the ability to read, write and execute files after I transferred the ownership to them, I can do basic arithmetic
4+2+1=7 which means my command will look like this:
chmod -R 700 /path
This means I have given the owner of the dir/file the ability to write to file, read and also execute. The rest(group and others) have no permissions.
Remember, we always add in the order 4->2->1 because its obvious. We cannot have write without read anyways. This means that now we can set permissions for different dirs or files based on your preferences.
Now you can see who owns the file, check the user/group that needs access to files, transfer ownership to them or change permission to files. This will help you figure out what to do when you get permission errors on the servers.
I didn't get to write last friday, back on track 😃