403 You don't have permission to access xxxx on this server. (sudo chown www-data:www-data -R /var/www)

May 3, 2014 50.6k views
Hello, I'm new using DigitalOcean I created a Droplets with Ubuntu 14.04, I followed the instructions in the Initial Server Setup, create a new user, change the SSH port, etc., I followed the tutorial for LAMP Stack on Ubuntu 14.04, I have installed Apache2, MySQL, PHP, Secure phpMyAdmin installation, configure the host to run through a domain (Setup Host Name), install WordPress; Postfix, ProFTPd for file transfer over SSH (sftp). When I was installing a Wordpress theme, I requested for details SSH keys, searching Google I found that assigning changing the public_html owner from my user to www-data, wordpress works fine! sudo chown www-data:www-data -R /var/www/html, the theme was installed without problems, I work several days without errors, until I tried the sftp via ssh. Using the sftp I had access to my user's folder but when I went to /var/www/html, there is not files or cannot see them, I realized that changing the permissions to www -data, my user did not have access to them, so I change the owner of the files to my new user, not root, I assign the chown to the new user created in the initial server setup. The page began to launch a 403 Forbidden. I put back chown to www-data on folder /var/www/ and now I see the index.php (Default page) but can’t navigate or see any post or subfolder, the server say: 403 " You do not have permission to access on this server xxxx." Any help?
2 comments
  • You should try this
    For apache2 below 2.4.7
    $ sudo chmod -R 777 /var/www/

    For apache2 2.4.7 onwards use following command
    $sudo chmod -R 777 /var/www/html/

  • Never ever set a folder to 777, especially using recursive flag. It will expose to security threats. Golden rule:

    Folder: 755, Upload Folder: 775, File: 644, Writable File: 664
    
3 Answers
While I don't know all of the details, it sounds like not all of your files are owned by www-data. One way to make sure is to run "chown -R www-data /var/www". The -R makes the command recursive, so it'll ensure that every file and subdirectory are also owned by www-data.

This is a symptom of a larger problem - one of the first problems I encountered in server management - how do you allow Apache to access the files while still being able to create / modify / transfer files using your normal user account? I'm no expert, but you might look into using user groups to solve the issue.

All of my public web files in /var/www belong to the www-data group (chgrp -R www-data /var/www) which allows Apache to access the files if permissions are set correctly, regardless of who owns the files.

This is only one possible approach; there are several.
Check this thread, too:

https://www.digitalocean.com/community/questions/permissions-sftp-v-wordpress
Thank you accounts!

stuffexchange, I follow the link, this solve my problems!


Have another answer? Share your knowledge.