Razzi: Created page with "

 2025-06-16 10:27:47	-->	razzi [razzi] (razzi) (~razzi@user/razzi) has joined #php 2025-06-16 10:27:47	--	Topic for #php is "This is a code help channel. Stable PHP versions: 8.4.7, 8.3.21, 8.2.28, 8.1.32 · /msg php-bot guidelines · Be respectful & keep your language clean · Use a paste site for code · http://hashphp.org has some useful links" 2025-06-16 10:27:47	--	Topic set by __adrian (~adrian@user/adrian/x-7832151) on Fri, 09 May 2025 11:28:41 2025-06-16 10:..."

2025-06-16T18:52:41Z

Created page with "<pre> 2025-06-16 10:27:47 --> razzi [razzi] (razzi) (~razzi@user/razzi) has joined #php 2025-06-16 10:27:47 -- Topic for #php is "This is a code help channel. Stable PHP versions: 8.4.7, 8.3.21, 8.2.28, 8.1.32 · /msg php-bot guidelines · Be respectful & keep your language clean · Use a paste site for code · http://hashphp.org has some useful links" 2025-06-16 10:27:47 -- Topic set by __adrian (~adrian@user/adrian/x-7832151) on Fri, 09 May 2025 11:28:41 2025-06-16 10:..."

New page

<pre>
2025-06-16 10:27:47 --> razzi [razzi] (razzi) (~razzi@user/razzi) has joined #php
2025-06-16 10:27:47 -- Topic for #php is "This is a code help channel. Stable PHP versions: 8.4.7, 8.3.21, 8.2.28, 8.1.32 · /msg php-bot guidelines · Be respectful & keep your language clean · Use a paste site for code · http://hashphp.org has some useful links"
2025-06-16 10:27:47 -- Topic set by __adrian (~adrian@user/adrian/x-7832151) on Fri, 09 May 2025 11:28:41
2025-06-16 10:27:47 -- Channel #php: 237 nicks (1 op, 1 voiced, 235 regular)
2025-06-16 10:27:49 -- Channel created on Wed, 19 May 2021 08:43:11
2025-06-16 10:28:28 <-- CiaoSen (~Jura@2a02:8071:64e1:da0:5a47:caff:fe78:33db) has quit (Ping timeout: 272 seconds)
2025-06-16 10:29:32 razzi Hi, what's the easiest way to create an apache php site in a directory owned by a normal user (so editing it wouldn't require sudo)? I know I can use php -S localhost:5000 from the directory, but I'm looking for a way that would run in the background with apache
2025-06-16 18:32:49 lembron razzi easier than what? or what part of the puzzle is unclear?
2025-06-16 18:35:19 razzi Well I haven't been able to get apache to work outside of the default /var/www - so I'm looking for an easier way to work on a site than editing the files there with sudo every time
2025-06-16 18:35:23 AllenJB Assuming you're on linux, you can use groups to allow both Apache / php-fpm and the user to have write access to a directory at the same time.
2025-06-16 18:36:10 AllenJB PHP-FPM allows you to change the user scripts run as on a per-pool basis.
2025-06-16 18:36:57 AllenJB (Note: I don't recommend running web scripts as the same user that uploads the .php files. Web scripts should not have write access to their own code)
2025-06-16 18:39:28 razzi I'm curious if the /srv directory is conventionally used this way, as I see it mentioned in the apache2.conf. I'm thinking I can make that directory accessible to edit by my normal user and read by my run user www-data
2025-06-16 18:39:44 lembron or: so what have yu tried? ;D - in a way just changing that documentroot should already do - dropping your own vhost in is a bit "cleaner" - and if thefolder doesnt even matter, just set the access rights to var/ww as you need?
2025-06-16 18:39:54 --> magla [magla] (realname) (~gelignite@195.52.54.74) has joined #php
2025-06-16 18:40:47 lembron "if srv is used" depends a bit on distro/admin...
2025-06-16 18:40:49 razzi I considered just making /var/www editable by my user, but it feels off ... for example putting a git repository in the /var directory seems fishy
2025-06-16 18:41:18 razzi I feel like I'm missing some obvious solution, maybe even just a symlink would work?
2025-06-16 18:41:43 AllenJB Doesn't really matter where on the filesystem the site files are located. The permissions setup you want would be the same.
2025-06-16 18:41:54 lembron sidenote: GIT_DIR can be something entirely different --- but yes mingling those things is ugly as hell ;) so having those with a vhost "somewhere else" is certianly the nicer
2025-06-16 18:42:32 razzi Basically my requirements are: editable files by non-root user, located in that user's home directory, running on localhost:5000 without having to add paths to the url etc
2025-06-16 18:43:00 lembron apache can follow symlinks, but i think its off by default
2025-06-16 18:43:18 razzi I could daemonize php -S and all problems solved too?? Or just go back to what I had working with a tmux split and php -S running
2025-06-16 18:43:24 lembron if its just localhosting, id just edit the directory Root line in the edfault config and fine is
2025-06-16 18:44:19 lembron php -S is not "production" - how real that is as dev-system "kinda depends" i guess
2025-06-16 18:44:44 lembron if fpm is to much config to mess with, mod_php is still there and fine too
2025-06-16 18:45:25 razzi I have php support just from `apt-get install php` on ubuntu, I think that's mod_php
2025-06-16 18:45:28 lembron and then its purely apt-get and one texteditor session and donzo (note youll need a <directory> block to set allowed-access on it too
2025-06-16 18:45:34 thumbs For mod_php, you have to be more careful with configuring httpd, especially with high loads.
2025-06-16 18:45:53 razzi It's just for local development, so performance isn't much a concern
2025-06-16 18:46:14 lembron also on localhosting, considerd docker and there like? - as much terrible it has, for stuff like thats its awesome ;P
2025-06-16 18:47:09 razzi huh yeah I guess docker/podman would work, but part of the hope here is to have it running in the background without having to manage any other processes
2025-06-16 18:49:10 razzi I was able to get localhost:5000 to bind by making a 001-dev.conf in sites-available, and a2ensite it (and edit ports.conf and apache2.conf) ... but then accessing localhost:5000 gave me 403 Forbidden
2025-06-16 18:49:42 razzi I guess I have to add a read permission to the apache user for the directory .. and its parent directories?
2025-06-16 18:50:00 lembron 14. but this should kinda string you along https://stackoverflow.com/questions/5891802/how-do-i-change-the-root-directory-of-an-apache-server
2025-06-16 18:50:18 lembron (irst reply there)
2025-06-16 18:50:20 thumbs Step 1: always look at the error log.
2025-06-16 18:50:33 thumbs Step 2. Don't "guess".
2025-06-16 18:50:53 --> martymcflyyy [martymcflyyy] (Martin Something) (~martymcfl@user/martymcflyyy) has joined #php
2025-06-16 18:51:56 razzi Oh cool I just looked at /var/log/apache2/error.log for the first time, and I see: "access to / denied (filesystem path '/home/razzi/hack') because search permissions are missing on a component of the path"
2025-06-16 18:53:13 razzi and I looked at the stackoverflow link lembron posted and ran the `sudo adduser www-data $USER`, restarted apache and it works!
2025-06-16 18:53:32 razzi So I was closer than I thought, just needed that `adduser`
2025-06-16 18:53:55 lembron *thumbsup*
2025-06-16 18:55:28 thumbs razzi: You don't want to set the docroot to /home/user/foo, no.
2025-06-16 18:55:52 thumbs razzi: Set it to /var/www/somethingelse, and add a symlink to that path in your home directory.
2025-06-16 18:55:54 <-- martymcflyyy (~martymcfl@user/martymcflyyy) has quit (Ping timeout: 260 seconds)
2025-06-16 18:56:27 thumbs I suggest undoing what you did, first.
2025-06-16 18:57:02 razzi thumbs: what's the advantage of making it a symlink?
2025-06-16 18:57:24 thumbs So you can easily cd to it when you open a terminal.
2025-06-16 18:57:53 thumbs i.e. cd mywebroot, which would redirect you to /var/www/mywebroot
2025-06-16 18:58:05 lembron thumbs ye why that? - that requires +followSymLinks whats potentially making it worse no?
2025-06-16 18:58:07 razzi Oh I see, you want the symlink to point the opposite direction than what I imagined
2025-06-16 18:58:16 thumbs lembron: No, it does not.
2025-06-16 18:58:20 <-- Arutemisu (~BadAdvice@user/badadvicecat) has quit (Read error: Connection reset by peer)
2025-06-16 18:58:30 thumbs lembron: The content would live in /var/www, and you would secure it normally.
2025-06-16 18:59:02 --> wolfravenous [wolfravenous] (wolfravenous) (~wolfraven@66.128.139.34) has joined #php
2025-06-16 18:59:02 thumbs You DO NOT want to open your /home/username directory to everyone, nor weaken the default security policies.
2025-06-16 18:59:41 thumbs httpd would never try to access /home/username/foo at all.
2025-06-16 19:00:09 thumbs This is how folks get compromised.
2025-06-16 19:00:39 lembron then ill extend on this - and say still "no dont put that in /var/www/project/htdocs cause chance /var/www/project/.git may bounce when you fudgeup configs and /var/www gets to be docroot again" - so here srv (or in debianland maybe more /opt?) would be choice ye...
2025-06-16 19:00:56 thumbs Sure, /srv/www/foo is fine.
2025-06-16 19:00:57 razzi I guess that's the crux of the issue: I want to be able to edit my server files like any other user file, but be able to access them on localhost:5000 through apache. I'd copy the files onto a different server for deployment (tho I'm just exploring php)
2025-06-16 19:01:25 razzi so yeah I think the way forward is /srv with my user able to edit
2025-06-16 19:01:45 thumbs razzi: You must not lax your security checks just because it's a 'development' machine. You'll end up doing the same in production.
2025-06-16 19:01:45 razzi not in user directory but not in root-owned /var/www either
2025-06-16 19:02:29 --> Arutemisu [BadAdviceCat] (Arutemisu) (~BadAdvice@user/badadvicecat) has joined #php
2025-06-16 19:03:27 thumbs Pick /srv/www/somepath if you prefer, that is fine.
2025-06-16 19:04:00 lembron "building dev just as secure" also helps on the "worked for me..." issue ;)
2025-06-16 19:04:47 thumbs Folks that skips the most basic security just makes me want to hang up my hat.
2025-06-16 19:05:37 razzi so let's say I do /srv/www/somepath - how should I set user / group, read / write / execute permissions? right now /srv is totally empty
2025-06-16 19:06:30 thumbs 755 for directories, 644 for files.
2025-06-16 19:06:55 thumbs You can chown the content to your user to make it more convenient.
2025-06-16 19:09:09 <-- wolfravenous (~wolfraven@66.128.139.34) has quit (Quit: Konversation terminated!)
2025-06-16 19:09:52 razzi ok cool now I have it working in /srv, so no apache access needed to /home (and I can even remove the adduser I did earlier)
2025-06-16 19:10:01 razzi and the directory in srv is owned by me, so I can edit as normal
2025-06-16 19:10:21 razzi ls
2025-06-16 19:10:24 razzi oops lol
2025-06-16 19:10:34 thumbs That sounds like the most efficient approach, yes.
2025-06-16 19:15:13 --> martymcflyyy [martymcflyyy] (Martin Something) (~martymcfl@user/martymcflyyy) has joined #php
2025-06-16 19:18:59 <-- DevAntoine (~DevAntoin@2a01cb0da07ec09100311bda2acaae7d.ipv6.abo.wanadoo.fr) has quit (Read error: Connection reset by peer)
2025-06-16 19:36:22 --> kc8hfi [kc8hfi] (Amey, Charles R) (~A007195@129.71.238.252) has joined #php
2025-06-16 19:37:33 <-- wbooze (~inline@ip-005-146-196-202.um05.pools.vodafone-ip.de) has quit (Quit: Leaving)
2025-06-16 19:42:36 <-- Linux_Kerio (~Linux_Ker@chello085216213137.chello.sk) has quit (Read error: Connection reset by peer)
2025-06-16 19:43:01 --> Linux_Kerio [Linux_Kerio] (LK) (~Linux_Ker@chello085216213137.chello.sk) has joined #php
2025-06-16 19:59:58 --> DevAntoine [DevAntoine] (DevAntoine) (~DevAntoin@2a01cb0da07ec0917c0c451f466f69f6.ipv6.abo.wanadoo.fr) has joined #php
2025-06-16 20:01:26 <-- eht (~Thunderbi@user/eht) has quit (Quit: well i guess it is good bye)
2025-06-16 20:03:09 <-- slow99 (~slow99@user/slow99) has quit (Ping timeout: 260 seconds)
2025-06-16 20:11:17 +TML razzi: maybe this was already discussed (I didn't go through the whole backlog), but I'll note that it's almost never a correct configuration to have the httpd have WRITE access to the path it serves files from
2025-06-16 20:16:26 +TML So what I do is /srv/www/vhosts/domain.tld - which has child paths for "/app" (the PHP code), "/conf" (for PHP configurations specific to that vhost), "/run" (for the fpm and database Unix sockets), "/uploads" (for where the httpd dumps uploaded content), and "/static" (for static content that I want to live on the edge/CDN)
2025-06-16 20:17:27 +TML not all domains use all folders - some only have a /static, some have no /static, most have no /uploads (I generally only give that to people using Wordpress)
2025-06-16 20:18:52 +TML and then I use bind-mounts into the containers to expose those paths to the container that actually runs that domain's site
2025-06-16 20:26:27 --> b3t10 [b3t10] (Albert) (~albert@user/b3t10) has joined #php
2025-06-16 21:08:16 --> rewrite [rwtrecs] (rewrite) (~rewrite@user/rwtrecs) has joined #php
2025-06-16 21:09:28 <-- sabet (~sabet@user/sabet) has quit (Quit: ZNC 1.8.2+deb2build5 - https://znc.in)
2025-06-16 21:11:28 --> sabet [sabet] (ZNC - https://znc.in) (~sabet@user/sabet) has joined #php
2025-06-16 21:30:19 <-- DevAntoine (~DevAntoin@2a01cb0da07ec0917c0c451f466f69f6.ipv6.abo.wanadoo.fr) has quit (Read error: Connection reset by peer)
2025-06-16 21:30:29 --> DevAntoine [DevAntoine] (DevAntoine) (~DevAntoin@2a01cb0da07ec091a8a115a53694b43c.ipv6.abo.wanadoo.fr) has joined #php
2025-06-16 21:36:40 <-- db__ (~db__@user/db-:46856) has quit (Quit: Client closed)
2025-06-16 21:37:09 --> amigojapan [amigojapan] (Ask Me) (uid86330@id-86330.helmsley.irccloud.com) has joined #php
2025-06-16 21:44:07 --> mixfix41 [mixfix41] (sdenyninne) (~retry@user/mixfix41) has joined #php
2025-06-16 21:47:46 --> wbooze [Inline] (inline) (~inline@ip-005-146-196-202.um05.pools.vodafone-ip.de) has joined #php
2025-06-16 21:50:54 -- irc: disconnected from server
</pre>

Blog: 2025-06-16 - Revision history