------------ Original Message ------------ > Date: Friday, August 13, 2021 22:49:31 +0200 > From: Rene Veerman <rene.veerman.netherlands@xxxxxxxxx> > but after the upload, when i try to view the files, i get an Apache > level "Access denied" message in the browser ... > shows debug information that > lists the chown rene:www-data command on the files to fail, but > that's understandable because apache runs as www-data:www-data. > However, the chmod 770 command on the files does succeed, ... > - after running my > https://github.com/nicerapp/nicerapp/blob/main/setPermissions.sh > script after the upload has fully completed, the > photoalbum/4.0.0/index.php display script works without the access > denied bug and correctly displays the sub-folder contents. You need to show your work ... - show the apache error log errors - the browser message isn't very useful - show a (truncated) directory/file listing (from the shell) that includes the ownership/group settings and permissions &etc. It's not clear what you mean by: > apache runs as www-data:www-data. That looks like the owner/group information that you'd put on a chown command, not the way you would describe the user that a process runs as. While your script appears to set the directory for your "nicerapp" with the owner/group of rene:www-data with 750 permissions, at the bottom of that script, files under that are given 770 permissions. That means that the user "www-data" has write permission to those directories and files. Assuming that your apache instance runs as "www-data", this is a security risk. Directories and files under the document root should *never* be writable by the process that is running apache server.
