1

I have a server setup where new Linux users are created using (PHP):

    # Quote the user-supplied name so it cannot inject shell syntax
    $u = escapeshellarg($username);
    shell_exec('/usr/sbin/useradd ' . $u);
    exec('usermod -a -G ' . $u . ' ' . $u);     # add the user to their own group
    exec('usermod -a -G ' . $u . ' www-data');  # add www-data to the user's group

And then the user script changes the owner and group of the files to this owner. The server is set up with suPHP, which then allows these files to be run as the owner.

This setup worked fine with Apache 2.2 but is breaking in Apache 2.4. Everything works fine except when I try to open the files, it gives a 403 forbidden error. Restarting Apache after the user is added fixes the issue but that is not a viable solution for me. The users are added using a web server and hence I need to be able to do this without having to reload/restart Apache every time.

I have searched for several hours and tried to fix the issue but haven't been able to do so! I am running Ubuntu 14.04 and I am not able to downgrade to Apache 2.2 as well.

6
  • Is anything recorded in either the Apache error log or do you have AppArmor enabled (check with aa-status)? Commented Sep 5, 2014 at 14:06
  • Error log just shows AH00132: file permissions deny server access Commented Sep 5, 2014 at 14:13
  • I don't have AppArmor enabled Commented Sep 5, 2014 at 14:14
  • That error is typically an indication that the file permissions on the PHP script are incorrect. Commented Sep 5, 2014 at 14:32
  • Yeah I know... but if that was the case, restarting apache should not affect anything! Commented Sep 5, 2014 at 14:47

1 Answer

2

Every time you add yourself to a group you need to log out and log back in for changes to take effect. The same thing is happening here: by restarting Apache you allow it to "log back in" and be in the user's group, which then allows it to read and serve the user's files.

3
  • Oh ok, but the same settings used to work fine with Apache 2.2 as far as I remember. I started having this issue only after I HAD to upgrade to Ubuntu 14.04 and Apache 2.4. Is there a way to bypass this? Commented Sep 6, 2014 at 13:33
  • A way would be to have every user be part of www-data group, but I'm not sure about the security of this since any user can read any other user's files. Commented Sep 6, 2014 at 14:30
  • Yeah, I can't do that.. Is there a way to load the group changes manually? I tried searching a lot and only relevant questions I found were regarding "Adding users without logging out" and they are more about keeping the session and changing the logged in group using "newgrp <group id>" but that doesn't work in my case.. Commented Sep 8, 2014 at 6:17
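
The answer's point, that a running process keeps the group list it was given at start, can be checked by comparing the `Groups:` line of `/proc/<pid>/status` with the memberships in `/etc/group`. This is an added example, not part of the original answer; the sample file contents, the user `alice` and the function names are constructed for illustration.

```python
# Constructed sample of /proc/<pid>/status for an Apache worker started
# before the new user existed (uid/gid 33 is assumed to be www-data).
SAMPLE_STATUS = """Name:\tapache2
Uid:\t33\t33\t33\t33
Gid:\t33\t33\t33\t33
Groups:\t33
"""

# Constructed sample of /etc/group after the PHP script ran usermod.
SAMPLE_GROUP = """root:x:0:
www-data:x:33:
alice:x:1001:alice,www-data
bob:x:1002:bob
"""

def process_groups(status_text):
    """Return the set of GIDs the kernel currently holds for the process."""
    gids = set()
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key in ("Gid", "Groups"):
            gids.update(int(g) for g in value.split())
    return gids

def database_groups(group_text, user):
    """Return {gid: name} for every group that lists `user` as a member."""
    result = {}
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # skip blank or malformed lines
        name, _, gid, members = fields
        if user in [m for m in members.split(",") if m]:
            result[int(gid)] = name
    return result

def stale_groups(status_text, group_text, user):
    """Groups granted in the database but missing from the running process."""
    held = process_groups(status_text)
    wanted = database_groups(group_text, user)
    return sorted(name for gid, name in wanted.items() if gid not in held)

if __name__ == "__main__":
    print(stale_groups(SAMPLE_STATUS, SAMPLE_GROUP, "www-data"))
```

On a live system the two inputs would be the contents of `/proc/<pid>/status` for an Apache worker and of `/etc/group`; a non-empty result means the process predates the membership change.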
