a slight correction/clarification below ... > Date: Friday, August 13, 2021 22:49:31 +0200 > From: Rene Veerman <rene.veerman.netherlands@xxxxxxxxx> > > but after the upload, when i try to view the files, i get an Apache > level "Access denied" message in the browser > ... > shows debug information that > lists the chown rene:www-data command on the files to fail, but > that's understandable because apache runs as www-data:www-data. > However, the chmod 770 command on the files does succeed, > ... > - after running my > https://github.com/nicerapp/nicerapp/blob/main/setPermissions.sh > script after the upload has fully completed, the > photoalbum/4.0.0/index.php display script works without the access > denied bug and correctly displays the sub-folder contents. > You need to show your work ... - show the apache error log errors - the browser message isn't very useful - show a (truncated) directory/file listing (from the shell) that includes the ownership/group settings and permissions &etc. Separately, while your script appears to set the "nicerapp" directory with the owner/group of rene:www-data and 750 permissions, at the bottom of that script, files under that are given 770 permissions. That means that the apache instance - which you indicate runs as "www-data" and is in the "www-data" group - has write permission to those directories and files. This is a security risk. Directories and files under the document root should *never* be writable by the process that is running the apache server.
