Apache/2.4.47 - Permission denied: Access to / denied (file system path '/home/bavramor/data')

When I open a local web page, I get the following errors:

[core:error] [pid 1462:tid 140675121649216] (13)Permission denied: [client 127.0.0.1:36096] AH00035: Access to / denied (file system path '/home/bavramor/data') because search permissions are missing for a component of the path.

My folder structure is as follows: /home/bavramor/data/

bavramor = drwx------ bavramor users
data = drwxrwxrwx bavramor wwwrun

If I set the bavramor folder to 755 and bavramor:wwwrun, the web pages all work again. However, the settings are overwritten as soon as I restart the computer. I have had this problem since the upgrade to 21.05. I’m using Apache/2.4.47.
What can I do? Surely I can’t change the settings via the configuration? What is the best way to do this? I would be very grateful for any tips.

Greetings Bavra
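The AH00035 message in the post above means that some directory on the way to the document root lacks the search (x) bit for the identity Apache runs as. As an added example (not part of the original thread), the following script walks a path top-down and prints the first directory that identity cannot traverse. The function names `can_search` and `first_blocked` are made up for this example, and it assumes GNU coreutils `stat` and plain owner/group/other mode bits (no ACLs).

```shell
#!/bin/sh
# Added example: locate the directory behind Apache's AH00035 error.
# Assumes GNU stat; checks mode bits only (ACLs and root bypass ignored).

# can_search DIR UID "GID GID ...": succeed if that identity holds the
# search (x) bit on DIR.
can_search() {
  cs_info=$(stat -c '%u %g %a' -- "$1") || return 2
  cs_owner=${cs_info%% *}
  cs_rest=${cs_info#* }
  cs_group=${cs_rest%% *}
  cs_mode=${cs_rest#* }
  cs_mode=$((0$cs_mode))               # leading 0: parse as octal
  if [ "$2" -eq "$cs_owner" ]; then
    cs_bits=$((cs_mode >> 6))          # owner triplet
  else
    case " $3 " in
      *" $cs_group "*) cs_bits=$((cs_mode >> 3)) ;;   # group triplet
      *)               cs_bits=$cs_mode ;;            # other triplet
    esac
  fi
  [ $((cs_bits & 1)) -eq 1 ]
}

# first_blocked PATH UID GIDS [START]: walk PATH top-down (below START,
# default /) and print the first directory the identity cannot search.
# Returns 0 if a blocking directory was printed, 1 if none was found.
first_blocked() {
  fb_cur=${4:-}
  fb_cur=${fb_cur%/}
  fb_rest=${1#"$fb_cur"/}
  while [ -n "$fb_rest" ]; do
    fb_part=${fb_rest%%/*}
    case $fb_rest in */*) fb_rest=${fb_rest#*/} ;; *) fb_rest= ;; esac
    [ -n "$fb_part" ] || continue
    fb_cur="$fb_cur/$fb_part"
    [ -d "$fb_cur" ] || continue
    if ! can_search "$fb_cur" "$2" "$3"; then
      printf '%s\n' "$fb_cur"
      return 0
    fi
  done
  return 1
}

# Usage: sh first-blocked.sh /home/bavramor/data wwwrun
if [ "$#" -eq 2 ]; then
  first_blocked "$1" "$(id -u "$2")" "$(id -G "$2")" || echo "no blocking directory found"
fi
```

With the permissions listed in the post (home directory `drwx------`, data directory `drwxrwxrwx`), the script reports the home directory, not the data directory, as the blocking component.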

I’m assuming there’s some users.users configuration that you have in your configuration.nix (otherwise nix shouldn’t be aware of it). Do you mind posting it?

You’re running into this issue. You could add users.users.bavramor.createHome = false; to your configuration.nix to fix the issue.

Of course I can upload my configuration.nix here; I could have thought of that myself:

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];
  
  nixpkgs.config.allowUnfree = true;
  nixpkgs.config.permittedInsecurePackages = [
         "ffmpeg-2.8.17"
         "adobe-reader-9.5.5-1"
       ];
  # Use the systemd-boot EFI boot loader.
  #boot.loader.systemd-boot.enable = true;
  #boot.loader.efi.canTouchEfiVariables = true;
  #grub boot.loader.efi.efiSysMountPoint = "/boot/efi";
  boot.loader.grub.useOSProber = true;
  #boot.loader.grub.forceInstall = false; # RISKY!

  boot.loader.grub.enable                = true;
  boot.loader.grub.copyKernels           = true;
  boot.loader.grub.efiInstallAsRemovable = true;
  boot.loader.grub.efiSupport            = true;
  boot.loader.grub.fsIdentifier          = "label";
  #boot.loader.grub.splashImage           = ./backgrounds/grub-nixos-3.png;
  boot.loader.grub.splashMode            = "stretch";

  boot.loader.grub.devices               = [ "nodev" ];
  networking.hostName = "thorinshalle"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  networking.useDHCP = false;
  networking.interfaces.enp37s0.useDHCP = true;

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  i18n = {
    defaultLocale = "de_DE.UTF-8";
  };
  console.font = "Lat2-Terminus16";
  console.keyMap = "de";

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
     discord
     wget
     vim 
     google-chrome
     chromium
     vivaldi
     firefox  
     libreoffice-fresh
     filezilla
     gparted
     gimp
     inkscape
     scribus
     guake 
     clementine
     blender
     cmus
     vlc 	   
     git
     hexchat
     busybox
     pciutils
     deluge
     transmission
     jetbrains.phpstorm
     drush
     pulseeffects
     unrar
     ntfs3g
     brasero
     putty
     xsane
     cups
     signal-desktop
     empathy
     kid3
     adoptopenjdk-jre-bin
     gnome3.gnome-tweaks
     gnome3.evolution
     evolution-data-server
     keepassxc
     php74Packages.composer2
     adobe-reader
     tor-browser-bundle-bin
     jetbrains.goland
     jetbrains.pycharm-professional
     go_bootstrap 
     #numix-gtk-theme
   ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.bash.enableCompletion = true;
  programs.mtr.enable = true;
  programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
  environment.variables.WEBKIT_DISABLE_COMPOSITING_MODE = "1";
  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
  services.teamviewer.enable = true;
  networking.extraHosts =
  ''
    127.0.0.1 drupal
    127.0.0.1 localhost
    127.0.0.1 otrautwein.de
    127.0.0.1 phpinfo
    127.0.0.1 eab-local.de
    127.0.0.1 vtigercrm650.de
    127.0.0.1 vtigercrm-test.de
    127.0.0.1 berlincrm.de
    127.0.0.1 bruch-localhost.de
    127.0.0.1 landwehrcie.de
  '';
  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio.enable = true;
  
  # Add file system entries for each partition that you want to see mounted
  # at boot time.  You can add filesystems which are not mounted at boot by
  # adding the noauto option.
  # 
  # Mount the media and data file system
  fileSystems."/home/bavramor/media" = {
       device = "/dev/disk/by-uuid/a2df9759-6a9f-4949-807e-5319b29cb469";
       fsType = "ext4";
    };
  fileSystems."/home/bavramor/data" = {
       device = "/dev/disk/by-uuid/52fc0b59-a497-4d38-881c-418242bbd5bc";
       fsType = "ext4"; 
    };
  
  # Enable the X11 windowing system.
  services.xserver.enable = true;
  services.xserver.layout = "de";
  services.xserver.xkbOptions = "eurosign:e";
  services.xserver.videoDrivers = [ "amdgpu" ];

  # Enable touchpad support.
  # services.xserver.libinput.enable = true;

  # Enable the KDE Desktop Environment.
  # services.xserver.displayManager.sddm.enable = true;
  # services.xserver.desktopManager.plasma5.enable = true;
  
  services.xserver.displayManager.lightdm.enable = true;
  services.xserver.desktopManager.gnome3.enable = true;
  services.gnome3.chrome-gnome-shell.enable = true;
  nixpkgs.config.firefox.enableGnomeExtensions = true;

  # Main services
  services.postfix.enable = true;
  services.sshd.enable = true;
  services.mysql.enable = true;
  services.mysql.package = pkgs.mysql;
  #services.mysql.rootPassword = "/etc/mysql/mysql.password";
  services.mysql.settings.mysqld = {
    key_buffer_size = "6G";
    table_cache = 1600;
    log-error = "/var/log/mysql_err.log";
    innodb_large_prefix = true;
    innodb_file_format = "barracuda";
    innodb_file_per_table = true;
  };
  
  services.httpd.adminAddr = "kontakt@robertrese.de";
  services.httpd.enable = true;
  #services.httpd.documentRoot = "/home/bavramor/data/Webdesign/Webseiten/";
  services.httpd.enablePHP = true;
  services.httpd.phpPackage = pkgs.php74;
  #services.httpd.hostName = "localhost";  
  
  services.httpd.phpOptions =
    ''
      display_errors = On
      display_startup_errors = On
      post_max_size = 200M
      upload_max_filesize = 200M
      max_execution_time = 6000
      max_input_time = 3000
      mbstring.http_input = pass
      mbstring.http_output = pass
      mbstring.internal_encoding = pass 
      memory_limit = 2G;
      allow_url_include = On;
      opcache.enable=1;
      opcache.memory_consumption=128;
      opcache_revalidate_freq = 240;
      opcache.max_accelerated_files=4000;    
      '';

  services.httpd.virtualHosts."landwehrcie.de" = {
    serverAliases = ["landwehrcie.de"];
    documentRoot = "/home/bavramor/data/Webdesign/Webseiten/landwehrcie/web";
    extraConfig = 
    ''
      <Directory "/home/bavramor/data/Webdesign/Webseiten/landwehrcie/web">
        DirectoryIndex index.php index.htm index.html
        Allow from All
        Options FollowSymLinks
        AllowOverride All
      </Directory>
    ''; 
  };
  # Define a user account. Don't forget to set a password with ‘passwd’.
  # users.users.jane = {
  #   isNormalUser = true;
  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
  # };
  users.extraUsers.bavramor = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" "tty" "messagebus" "postfix" "postdrop" "audio" "disk" "uucp" "lp" "video" "wwwrun" "adm" "lightdm" "mysql"];
    home = "/home/bavramor";
  };
  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "19.09"; # Did you read the comment?

}

I would have to set the user rights for /bavramor in /home/bavramor and the write rights to 755 so that it works permanently.

Thanks

But what does that part do to solve my problem? Unfortunately, I do not understand it yet.

More details here.