Allow Linux Users to change the Document Root on Apache

Allow users to change the Content in Document Root

Today, In this short article We will seen how the user (i.e jack) is able to create content in Document Root(i.e /var/www/private), That means how a Linux normal user have a read and write permissions for your web document root.

Previously we have seen various articles related to Apache Web server, refer below links;

Setting up Simple Web Server on RHEL7/Centos7

Create An Alias Web Site on Apache Web Server

Redirect the Website on Apache Web server

Port based hosting on Apache Web server

Name Based Virtual Web Hosting on Apache

IP Based Virtual Web Hosting

In our demonstration we are creating one directory in document root (i.e /var/www/).

[root@server1 ~]# mkdir /var/www/private 
[root@server1 ~]#

Go for further, first We will check the IP Address of server using ifconfig command. If you don’t know how to configure the static IP Address, refer below link.

Setting up static IP address on CentOS/RHEL7

[root@server1 ~]# ifconfig enp0s9 
enp0s9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500 
        inet 192.168.1.110  netmask 255.255.255.0  broadcast 192.168.1.255 
        inet6 fe80::a00:27ff:fe4b:be73  prefixlen 64  scopeid 0x20<link> 
        ether 08:00:27:4b:be:73  txqueuelen 1000  (Ethernet) 
        RX packets 2  bytes 120 (120.0 B) 
        RX errors 0  dropped 0  overruns 0  frame 0 
        TX packets 12  bytes 888 (888.0 B) 
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0 
 
[root@server1 ~]#

Go to ““/etc/httpd/conf.d”” directory, We have already created (On previous articles) the  “ittroubleshooter.conf” file  and add a some lines on bottom, as shown below;

[root@server1 private]# cd /etc/httpd/conf.d/ 
[root@server1 conf.d]# vim ittroubleshooter.conf

Edit ittroubleshooter.conf file # vim ittroubleshooter.conf

<VirtualHost 192.168.1.110:80> 
ServerAdmin     root@www.ittroubleshooter.in 
ServerName www.ittroubleshooter.in 
DocumentRoot /var/www/private 
ErrorLog logs/private.in-error_log 
CustomLog logs/private.in-access_log common 
</VirtualHost> 
 
~ 
~ 
:wq

Now we are going to add the jack user in the system and then gives the editing permission to Document directory(i.e /var/www/private).

[root@server1 ~]# useradd jack 
[root@server1 ~]# setfacl -m u:jack:rwx /var/www/private/

Now, Login with jack user and try to create and edit “index.html” file in document root(i.e /var/www/private/).

[root@server1 ~]# su - jack 
[jack@server1 ~]$ cd /var/www/private/ 
[jack@server1 private]$ touch index.html 
[jack@server1 private]$ ls 
index.html   
[jack@server1 private]$ vim index.html

Edit index.html file #vim index.html

<html>  
<body>  
<h1>Welcome to ITTroubleshooter Site</h1>  
###### Allow users to change the Content #######  
</body>  
</html> 
 
~ 
~ 
:wq

Check the context using below command.

[jack@server1 private]$ ls -Z index.html  
-rw-rw-r--. jack jack unconfined_u:object_r:httpd_sys_content_t:s0 index.html 
[jack@server1 private]$

Now, Before restart the httpd service check the syntax.

[root@server1 ~]# httpd -t 
Syntax OK 
[root@server1 ~]# systemctl restart httpd 
[root@server1 ~]#

Make sure if your firewall service is running then Allow httpd service on firewall.

[root@server1 ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent 
success 
[root@server1 ~]#firewall-cmd --reload 
success

Now, Verify the status of web-server on browser. Open the browser and pointing to your server’s  IP address, show below.

allow_userittroubleshooter-in

To open the website from command line use the following command. #elinks 192.168.1.110

allow_user_cmd_ittroubleshooter

Hope this post will help Linux/Unix beginners. If you find any difficulties using this article then please do comment your queries, till then connected with us at ittroubleshooter.in .!!!

 

Leave a Reply

Be the First to Comment!

Notify of
avatar
wpDiscuz