Tag Archives: permissions

Configure ACLs in Linux

I came across a need to make files in a folder inherit certain permissions no matter who creates them. Thanks to Stack Overflow for help in figuring this out.
You first set a sticky bit for the parent folder, then use the setfacl command to set the ACL:
chmod g+s -R <folder>
setfacl -d -m "g:<group name>:<permissions>" -R <directory>
Grants all members of group testgrouprw read,write, and directory permissions to /var/www/html/wordpress:
setfacl -d -m "g:testgrouprw:rwX" -R /var/www/html/wordpress/

Fix Apache Permission Denied errors

The other day I ran the rsync command to migrate files from an old webserver to a new one. What I didn’t notice right away was that the rsync changed the permissions of the folder I was copying into.

The problem presented itself with a very lovely 403 forbidden error message when trying to access any website that server hosted. Checking the logs (/var/log/apache2/error.log on my Debian system) revealed this curious message:

[error] [client] (13)Permission denied: access to / denied

This made it look like apache was denying access for some reason. I verified apache config and confirmed it shouldn’t be denying anything. After some head scratching I came across this site which explained that Apache throws that error when it encounters filesystem access denied error messages.

I was confused because /var/www, where the websites live, had the appropriate permissions. After some digging I found that the culprit in my case was not /var/www, but rather the /var directory underneath /var/www. For some reason the rsync changed /var to not have any execute permissions (necessary for folder access.)  A simple

chmod o+rx /var/

resolved my problem. Next time you get 403 it could be underlying filesystem issues and not apache at all.