Ubuntu/Debian CodeIgniter "User" and "Group" ?

[eluser]mpc[/eluser]
Q1: What 'User' (under Ubuntu/Debian) does/should CodeIgniter run ?

Q2: What 'User' and 'Group' should "own" the CodeIgniter code tree (directory and sub-directories)?


I apologize, in advance, if this has been answered; but, my 'Searches' did not turn up a clear, succinct definitive answer.

Thanks - for taking a moment - to Reply

[eluser]jedd[/eluser]
It's not so much codeigniter, as Apache (which runs PHP) that you are concerned about here.

On a plain vanilla Debian box the user and group are www-data

Note that if you're using MySQL, your database daemon is running as user mysql

All files under /var/www/ are, in general, best owned by www-data:www-data (user and group).

[eluser]mpc[/eluser]
[quote author="jedd" date="1249523264"]It's not so much codeigniter, as Apache (which runs PHP) that you are concerned about here.
On a plain vanilla Debian box the user and group are www-data
...
All files under /var/www/ are, in general, best owned by www-data:www-data (user and group).[/quote]

Thanks, jedd. So, PHP and CodeIgniter "run" as the Apache www-data User?

In trying to be a 'good boy' and 'Search' before asking, I did discover about the Apache www-data user:group. I chown'd both my /var/www/ and /var/CodeIgniter/ directories and sub-directories to be owned by www-data.

But, now, I can't edit/write/develop those files. Since the www-data Group is said to have Read/Write Permissions, I adduser'd my (mike) User account to the www-data Group. No dice ... :down:

I suspect that this is because www-data is a service-User,, rather than an application-user? ... and that a service-User might not have Write Permissions?

question: What is the proper way to setup a development (non-Internet-facing) notebook computer?

In two weeks of forums readings I've not come across a succinct, definitive, elegant approach ... i.e. without giving up nearly all security by simply assigning 777 Permissions across the board ... user:group;other.

[eluser]jedd[/eluser]

Thanks, jedd. So, PHP and CodeIgniter "run" as the Apache www-data User?

Well .. pretty much, yes.

CI is a PHP framework - it's a bunch of code, like anything you could write yourself, written in PHP, and that runs as a normal PHP application, on a given box. On a Debian box this means it runs as the same user that apache runs as. Note that you could be running Apache as a suexec thing - which is a customisation for multi-user sites (this would include some hosting sites) where the apache child process is spawned to run as the same user/group ID as the user. Hmm, that doesn't sound very clear, sorry. Consider that on my university site, my php scripts run as user:jedd, group:jedd.

But this is a customisation that few people bother with on their own box, and it's certainly not installed that way out of the box.

To check, you can always do this:

Code:

$  ps -eo pid,user,group,args | grep apache

But, now, I can't edit/write/develop those files. Since the www-data Group is said to have Read/Write Permissions, I adduser'd my (mike) User account to the www-data Group. No dice ... :down:

It's probably to do with the fact that after you add a user to a group (using something like adduser username groupname) you need that user to log out and back in again before they take in their new groups. You can force if with chgrp, but it's a bit messy. It's simply easier to log out and back in again. You can check your group rights by running the command groups.

In any case, log out, log back in, check your groups, and check your effective rights (by making changes to files you think you should be able to change) and report back.

question: What is the proper way to setup a development (non-Internet-facing) notebook computer?

There are several ways, of course, and much depends on what other things you want to do. If you are sync'ing your home directory with another box, then you might be better developing in ~/public_html/ for example. This involves a module change in apache (a2en userdir .. or similar) but is pretty painless, and provides a fair degree of security (in the minimal-rights sense of the word security).

I tend to just do most of my work in /var/www/devel/ - and I do that work as my normal user account, which is part of www-data group.

Directories tend to be 775 (more from habit than anything else - in theory they should be fine with 770) and files are 664 (again they should be fine to be set to 660).

I keep my CI core stuff under each application's directory - for example /var/www/devel/pdb/ contains the following directories: app, assets, files, system
-- though I understand there are considered to be advantages to keeping the system directory outside the web root.

[eluser]jedd[/eluser]
Oh, I forgot to mention that over time, unless you have used the sticky bit on the /var/www directory, you will find that ownership ends up being you/you, rather than you/www-data - this is only a real problem if you share development activities with another user on the same box. By the sounds of it, this isn't going to be a problem for you. You can still read up on the sticky bit (few people know about them, let alone understand them, so it's a good bit of knowledge to have) or just periodically chown -R if the aesthetics of directory listings ever bother you.

[eluser]mpc[/eluser]
The logout/login worked! I had thought that file Permissions changes took effect, immediately. Duh? :question: That Group memberships require a logout/login is a subtle lesson, I guess?

There's nothing as sexy as "a suexec thing" going on, here.

In fact, I am using /var/public_html/, rather than the default /var/www/. To stick to the point, I didn't get into that. I put CodeIgniter in /var/CodeIgniter/ - so, CodeIgniter would not be within the publicly-visible directory tree. That required changing the Apache DocumentRoot directory in /etc/apache2/sites-available/default around line #4, I changed the DocumentRoot /var/www to DocumentRoot /var/public_html ... and re-started the Apache server, of course. :-P

I had the front-page working - until I made "the mistake" of SVN-updating the CodeIgniter directory tree. When I used to do this on Windows XAMPP with TortoiseSVN, it was smart enough not to override my edited settings. Now, I'm getting: "Fatal error: Call to a member function _ci_autoloader() on a non-object in /var/CodeIgniter/system/libraries/Controller.php on line 83" Maybe it overwrote my (SQLite) database library call? I'll have to explore those customizations ...

Anyhow, I wanted to get back and THANK YOU, right away, jedd. You're "a prince among men". :-) ... and I thank you.

[eluser]jedd[/eluser]
I would strongly suggest you revert to something resembling a normal layout - /var/www/ being the web root, and structuring things under there. I'd suggest you don't call your application 'CodeIgniter', as this will confuse you if you ever have another application using this framework. Just call it whatever your application is called - or a snazzy TLA, at the very least. I like having my development stuff living in a directory called /var/www/devel/ ,but realise that's not for everyone. (Do not call it 'dev' as that has quite a different meaning on *nix boxen.)

Anyway, yes, consider changing back to /var/www/ - your life will be much easier if you do as many packages, and pretty much every piece of Debian-related documentation, assume this to be the case.

[eluser]mpc[/eluser]
oh, fear not, jedd ...

I didn't label the application "CodeIgniter". CodeIgniter is just up OUT of the publicly-visible directory tree, like:

/var/CodeIgniter/...
/var/public_html/... where the publicly-visible sites reside.

This is to 'match' the DirectoryRoot-name, /public_html/, used by my web-host ... so, that I don't have to re-name and re-path everything, every time I FTP stuff up to the 'public' site.

[eluser]mpc[/eluser]
[quote author="mpc" date="1249532221"] Now, I'm getting: "Fatal error: Call to a member function _ci_autoloader() on a non-object in /var/CodeIgniter/system/libraries/Controller.php on line 83" Maybe it overwrote my (SQLite) database library call? I'll have to explore those customizations ...
[/quote]

It turns out that this was a newly-introduced CodeIgniter bug ... in the Controller.php file, which we never touch, of course. I 'inherited' the bug when I had SVN-updated. The bug was fixed by Ellis Labs and, when I further SVN-updated to version 1.721, the bug had been fixed and the problem went away, again.