I am new to Linode (and the VPS world in general), and I have searched the forums, wiki, etc., but I am having problems getting my MediaWiki installation to work. I have 5 or 6 installations running on my local machine and a shared host using shared code (on each machine, that is) and unique LocalSettings.phps, extensions, etc. The shared host is running on an i686 kernel (CentOS, I believe), and my Mac is an Intel Core2Duo running OS 10.5.6. My guess is that the architecture makes no difference. Any thoughts?

If not, for MediaWiki, I keep all my sensitive info (db user/pass, e.g.) in an external php file (outside the webroot in case my AddHandler settings ever get hosed) that I include in LocalSettings.php (it's also handy for keeping a single LocalSettings template - my external files also hold variables that I use to substitute in the 6 or 7 places in LocalSettings where they are site-specific).

On my shared host, Apache runs as my user, so permissions are not really an issue. On my local machine, I'm using XAMPP (on Mac OS X), so the permissions are a bit odd, but generally, I let the webserver own everything, then put it in my group (result: if permissions are, e.g., 600 on the shared host, they would be 660 on my local one).

On Linode, I have installed Apache, MySQL, and PHP. I have Apache working (without VirtualHosts for the moment--that seems like another project) on both port 80 and port 443 (SSL), and I've successfully installed SSL certs, etc. I've gotten my firewall set up, my SSH set to a non-standard port, etc. All that was a great learning experience, and somehow it all works--even phpmyadmin (except it takes me to a login page rather than an Auth window - sill works though). I installed everything using apt-get following instructions I found on the Linode wiki (some better than others, but I tinkered until it worked). Everything seems to work except for MediaWiki (I still outsource my DNS and mail--I'm not that brave yet).

My DocumentRoot is /var/www. I tried changing the ownership/permissions on subdirectories to my username/group so that I wouldn't have to "sudo" every time I edit something. (I have since changed them back to "root").

I have enabled mod_rewrite, mod_ssl, mod_suexec, etc. (a2enable xxx)

When I try to get to my MediaWiki page, I get the following error:

Warning: include_once(/home/username/external_includes/00003/0000304elsincludes.php) [function.include-once]: failed to open stream: Permission denied in /var/www/client/00003/04/mw/LocalSettings.php on line 39

Line 39 is where I include the external file.

[removed for security]

I am redirecting to 0000304 through an .htaccess rewrite because that is what my shared host requires, and it will make migration much easier (I do the same thing on my local machine) - once (if) I'm completely moved over, I'll consider changing to an apache2.conf alias.

Here's my .htaccess file (in /var/www):

Options -Indexes
Options +FollowSymLinks

SetEnv TZ America/New_York

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^0000304/?(.*)$ /client/00003/04/mw/index.php?title=$1 [PT,L,QSA]

I have config files in /var/www/ and aliases to the common code in my /home/username/ directory to run multiple sites (saves a lot of disk space); this is no problem on my XAMPP setup at home (running on a Mac) and on the shared host from which I'm (planning to be) migrating.

I changed the owner to www-data (what I could surmise from ps -waux showing what user was running httpd), and left the group at username so that I wouldn't have to "sudo" to do anything. No luck.

I understand that I may have to "sudo", and that's fine, so long as I can get the site running....

So, I've tried the following (originally files owned by my username):

sudo chmod -R 660 LocalSettings.php

sudo chown -R root *

sudo chgrp -R root *

-same result

sudo chown -R www-data *

sudo chgrp -R www-data *

-same result.

I'm about to rip out what little hair I have left and I'm at the end of my rope in terms of searching (in vain) for any documentation on how to fix this issue.

[cut for security]


Any help would be great, thanks!

PS: "Line 39" refers to my external php file that is owned root/root (user/group); permissions are 650.

The first thing is to determine what user and group Apache is running as ("www-data" is typical for both on Ubuntu, so I'll assume this). Changing the owner/group of LocalSettings.php will not affect this, only changing the Apache config or command line options will. For sanity's sake, I'd suggest staying with the default.

Then you must have proper permissions to read the file you're trying to include. To read the file '/home/lawgyont/external_includes/00003/0000304elsincludes.php', the www-data user or group must have:

• execute permission on /home
• execute permission on /home/lawgyont
• execute permission on /home/lawgyont/external_includes
• execute permission on /home/lawgyont/external_includes/00003
• read permission on /home/lawgyont/external_includes/00003/0000304elsincludes.php

It is typical for users' home directories to have execute permissions set for others (everyone), so you probably will not need to change this. Likely the easiest way to make the file itself readable by Apache (but not by everyone on the system) is:

# cd /home/lawgyont/external_includes/00003/
# chgrp -v www-data 0000304elsincludes.php
changed group of `0000304elsincludes.php' to www-data
# chmod -v 640 0000304elsincludes.php
mode of `0000304elsincludes.php' changed to 0640 (rw-r-----)
# ls -l 0000304elsincludes.php
-rw-r----- 1 root www-data 123 Mar 15 18:41 0000304elsincludes.php

I think that ought to work, but I'm not very familiar with Mediawiki...

Yes! Thank you for the very helpful reply. I'm up and running. Sometimes when I stare at something for hours on end, I miss the obvious.

Thanks for the reminder on the "x" permissions bit in higher-level directories - can't cd to read something without it....

I also moved the "include" file out of the home directory (doesn't really belong there in any case) and fixed permissions to be a bit more consistent with my other systems.