Use NFS mount for Apache/PHP user uploads

Question

Hi! I’m setting up a configuration with multiple webservers (all Ubuntu 20) which run behind a load balancer, and a fileserver (not behind that load balancer) for serving static files like user uploads.

I’ve mounted a directory from the fileserver to my webservers, and I’m able to read and write to that directory, but only when I use the sudo command.

I would like to be able to move uploaded files from Apache/PHP over to the mounted NFS directory so that the files will be accessible from a central location. The NFS mount will only be used to move and delete files to and from that shared directory, not to serve the actual files to the end user. This writing and deleting doesn’t work right now, since PHP (or Apache) doesn’t use sudo and hasn’t got the correct permissions.

What’s the best solution to solve this problem? Or are there better solutions to handle this?

Thanks :)

Answer 1

Yannek November 27, 2020

Hi,
The idea is to set up writing permission to NFS share for the owner of Apache and PHP processes on your web servers. To be successful with such scenario, it has to be the same user (the same uid) on every single web server in your configuration. Luckily, your environment seems to be homogenic, so we can be optimistic :) However, you need to check some things to be 100% sure. First check what a user is behind Apache/PHP processes:

ps -efjH | grep -i -e apache -e php

Outputroot       10892       1   10892   10892     php-fpm: master process (/etc/php/7.4/fpm/php-fpm.conf)
www-data   10903   10892   10892   10892       php-fpm: pool www
www-data   10904   10892   10892   10892       php-fpm: pool www
root       11074       1   11074   11074     /usr/sbin/apache2 -k start
www-data   11075   11074   11074   11074       /usr/sbin/apache2 -k start
www-data   11076   11074   11074   11074       /usr/sbin/apache2 -k start

I believe it is www-data in your case, since you use Ubuntu distro. It might be another user if you changed Apache’s default configuration.
Though you can see a root user in some lines of the result, the processes which effectively work are their child processes, having www-data user privileges.

The next thing you need to check is the user id of www-data. Even if a user name is the same across the hosts, a user id may differ. You can find uid in passwd file. Run below command:

sudo cat /etc/passwd | grep www-data

Output
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin

Uid of www-data is 33. This user belongs to its own user group www-data only.You should get the same result on each host in your configuration.
Now, you need to change an ownership of your NFS share. You will be able to do that locally in the system that hosts this share. This system has to contain www-data user in its configuration too.

sudo chown -R www-data:www-data /var/nfs-share/

Use -R parameter to apply the settings to all subdirectories and files. Substitute /var/nfs-share/ with your actual NFS share.
Just in case, you could propagate appropriate rights across the share:

sudo chmod -R 755 /var/nfs-share/

Now you can mount NFS share under a subdirectory in the www root directory on web server. PHP app should be able to write to it now.

Reply Report

Related

Question

Use NFS mount for Apache/PHP user uploads

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

Use NFS mount for Apache/PHP user uploads

Related

Leave a comment

Related

question

Apache2 folders permissions - Ubuntu 20.04

question

I cannot upload files to Ubuntu by php

question

How to configure Apache and PHP-FPM to support multiple subdomains?

question

Site can't be reached anymore

Looking for something else?