Permissions: What's the right way to give Apache more user permissions?

The first-best thing would be to put the script in a standard location (such as /usr/local/bin) where the web server would have sufficient permissions to execute it.

If that's not an option, you can change the group of the script using chgrp groupname path, then make it executable for the group by chmod g+x path. If the _www user isn't already in that group, add it to the group by usermod -aG groupname _www.

To answer your question, it's better to give the _www group permission to execute your scripts.

Use an ACL to extend the permissions on your *.sh scripts to allow a user in the _www group execute privilege:

cd /Path/To/Custom
setfacl -m g:_www:rx *.sh

Also check each directory component of /Path/To/Custom & verify that apache has permission to access (i.e. 'see') the scripts in /Path/To/Custom:

ls -ld /Path
ls -ld /Path/To
ls -ld /Path/To/Custom

Each directory component above should grant apache a minimum of execute permission apart from the final component (Custom) where apache needs both execute & read permission. e.g. if all the directory components above have other permissions of r-x then apache has all the access rights it needs to find your scripts in the Custom directory.

Permissions: What's the right way to give Apache more user permissions?

Tags:

Php

Permissions

Apache Httpd

Related

Recent Posts