I have inherited a very large php application that creates and caches files based on the contents of various config files.  These cached files are being created with owner and group both set to 'root' and then apache, running as 'www-data', can't read the files for later use.

The web root directory is owned by 'root' and has group permissions for 'root', but the application directory is owned and has group permissions for 'www-data'.

The main apache process is running as 'root' because it needs to bind to ports 80 and 443, but all the worker processes (?) are running as 'www-data'.  How is it apache can create files with 'root' ownerhsip and group permissions but not read them?  Wouldn't apache have to be running as 'root' to not only make but overwrite these cache files?
Jeremy Davis's picture

Apache should not be able to write files as root (nor should it be doing it). TurnKey is based on Debian and AFAIK there is no way to get any of the worker processes to run as root with the default Debian version of Apache. AFAIK to do that you'd need to recompile Apache from source to specifically allow it (which would be a very dangerous thing to do!)

Are you sure that the Apache process is the one actually creating the files? Perhaps they are being made by a cron job or soemething?

Also by default many TurnKey appliances have the default www-data directory tree (/var/www) owned by root, with only the files that they need to write to owned by www-data. Generally though, the files are set to allow read only (i.e. Apache can still read them).

All in all sounds very strange to me...

Add new comment