[GRLUG] permission denied: apache group

Nathan Phillip Brink binki at gentoo.org
Sat Jan 7 15:47:07 EST 2012 

On Sat, Jan 07, 2012 at 03:42:53PM -0500, Eric Beversluis wrote:
> On Sat, 2012-01-07 at 15:25 -0500, Adam Tauno Williams wrote:
> > On Sat, 2012-01-07 at 15:18 -0500, Eric Beversluis wrote:
> > > I've got my WordPress files on localhost owned by apache (seemed to be
> > > the only way I could get WP to do automatic updates). Permissions set to
> > > 775.
> > > I've made myself a member of the apache group (confirmed that). But I
> > > get 'permission denied' when I try to create a new subdirectory in a WP
> > > directory (both from command line and from Nautilus).
> > > Is there something about apache that's blocking this? Or am I missing
> > > something else?
> > 
> > Do you have nscd running on the box?  [did you restart nscd after the
> > change of group membership]
> I think not. When I tried nscd -help I was prompted if I wanted to install it.

Whether or not nscd is running is very likely irrelevant _unless_ if
you already tried logging out and logging back in _directly_ after
running `gpasswd -a <username> apache'. You would check if nscd is
running by checking the output of `pidof nscd' generally (or using the
init.d system, `rc-service nscd status' on Gentoo for example).

> > If you run "id" in that session/terminal do you see yourself as a member
> > of the group?
> > id => "uid=500(eric) gid=500(eric) groups=500(eric)"

If this is the case, you need to restart your session. You can do this
in a subshell by doing `su $(whoami)' and then killing and restarting
autilus from within there. If you use a display manager, you can log
out of your X session and log back in to gain the apache group.

Even if you show up in `getent group apache', groups are only applied
to your user session at the time you log in. Otherwise the GIDs would
have to be continually looked up and group permissions could not be
enforced entirely by the kernel.

> > If you run "bash --login" and then try again does it work?
> Nope.
> Do I need to reboot to change group membership? Or restart apache to
> join that group?

Not quite, just log out of your user session and log back in if you
wish.

-- 
binki

Look out for missing or extraneous apostrophes!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://shinobu.grlug.org/pipermail/grlug/attachments/20120107/f63741af/attachment.pgp>

More information about the grlug mailing list