Hi! I’m setting up a configuration with multiple webservers (all Ubuntu 20) which run behind a load balancer, and a fileserver (not behind that load balancer) for serving static files like user uploads.

I’ve mounted a directory from the fileserver to my webservers, and I’m able to read and write to that directory, but only when I use the sudo command.

I would like to be able to move uploaded files from Apache/PHP over to the mounted NFS directory so that the files will be accessible from a central location. The NFS mount will only be used to move and delete files to and from that shared directory, not to serve the actual files to the end user. This writing and deleting doesn’t work right now, since PHP (or Apache) doesn’t use sudo and hasn’t got the correct permissions.

What’s the best solution to solve this problem? Or are there better solutions to handle this?

Thanks :)

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

Hi,
The idea is to set up writing permission to NFS share for the owner of Apache and PHP processes on your web servers. To be successful with such scenario, it has to be the same user (the same uid) on every single web server in your configuration. Luckily, your environment seems to be homogenic, so we can be optimistic :) However, you need to check some things to be 100% sure. First check what a user is behind Apache/PHP processes:

ps -efjH | grep -i -e apache -e php
Output
root 10892 1 10892 10892 php-fpm: master process (/etc/php/7.4/fpm/php-fpm.conf) www-data 10903 10892 10892 10892 php-fpm: pool www www-data 10904 10892 10892 10892 php-fpm: pool www root 11074 1 11074 11074 /usr/sbin/apache2 -k start www-data 11075 11074 11074 11074 /usr/sbin/apache2 -k start www-data 11076 11074 11074 11074 /usr/sbin/apache2 -k start

I believe it is www-data in your case, since you use Ubuntu distro. It might be another user if you changed Apache’s default configuration.
Though you can see a root user in some lines of the result, the processes which effectively work are their child processes, having www-data user privileges.

The next thing you need to check is the user id of www-data. Even if a user name is the same across the hosts, a user id may differ. You can find uid in passwd file. Run below command:

sudo cat /etc/passwd | grep www-data
Output
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin

Uid of www-data is 33. This user belongs to its own user group www-data only.You should get the same result on each host in your configuration.
Now, you need to change an ownership of your NFS share. You will be able to do that locally in the system that hosts this share. This system has to contain www-data user in its configuration too.

sudo chown -R www-data:www-data /var/nfs-share/

Use -R parameter to apply the settings to all subdirectories and files. Substitute /var/nfs-share/ with your actual NFS share.
Just in case, you could propagate appropriate rights across the share:

sudo chmod -R 755 /var/nfs-share/

Now you can mount NFS share under a subdirectory in the www root directory on web server. PHP app should be able to write to it now.

Submit an Answer