Configuring Apache without changing User and Group

Instructions for installing EPrints on Red Hat based or Debian based Linux operating systems advises that you reconfigure Apache's configuration to set the Apache User and Group to eprints rather than apache (for Red Hat based Linux) or www-data (for Debian based Linux, where these settings are defined as APACHE_RUN_USER and APACHE_RUN_GROUP). It is not absolutely necessary to set eprints as the Apache User and Group but if you choose not to do this, the alternative configuration is somewhat more complex and may still lead to certain EPrints functionality not working as expected. Particularly functionality provided by Bazaar plugins or as a result of bespoke configuration.

If you choose to not configure eprints as the Apache User and Group you need to perform the following steps instead. If you want to make these changes to an existing EPrints repository, it is strongly recommended that you do this on a pre-production or test system first. This will allow you to test and fix any snags before changing your production system.

1. As the root user, add the eprints user to the apache or www-data group, (depending on the Linux OS you are running).

usermod -a -G apache eprints
usermod -a -G www-data eprints

2. As the root user, add the apache or www-data user, (depending on the Linux OS you are running), to the eprints group.

usermod -a -G eprints apache
usermod -a -G eprints www-data

3. Ensure that all the files and directories have the same permissions for the group as for the user. If you are just starting your EPrints installation this can be achieved by running one of the following commands as the root user. (The former command is already in the main installation instructions. Use the latter command if you do not want users other to be able to read EPrints code, configuration or uploaded files).

chmod 2775 /opt/eprints3
chmod 2770 /opt/eprints3

If you already have an EPrints repository, changing permissions is slightly more difficult. In theory, it should suffice to just run (as the root user) the following command to add group write permissions to all files and directories. (This may take some time if you have a lot of items in your archive).

chmod -R g+w /opt/eprints3

However, depending on how your permissions are currently set, this may not be sufficient and therefore is not recommended to follow the instructions on this page unless you have a good understanding of Linux filesystem permissions and how to use Apache's error logs to debug any issues that may result of following these instructions.

4. If you previously configured to use eprints as the Apache User and Group, change these back to their original values (e.g. apache in /etc/httpd/conf/httpd.conf for Red Hat based Linux and www-data in /etc/apache2/envvars for Debian based Linux).

5. As the root user, check your Apache configuration is still valid and then restart Apache. (Use apache2ctl rather than apachectl for Debian based Linux).

apachectl configtest
apachectl restart

6. Particularly if you are changing an pre-existing EPrints repository, thoroughly test all your repository's functionality. In particular, any functionality that interacts with other applications or services. E.g.

• Logging into your repository, particularly if you don't generally use local authentication (e.g. you use LDAP, Shibboleth, etc.)
• Creating new eprint records.
• Uploading and downloading documents.
• Check that abstract pages update after changing eprint records.
• Check browse view menus update after running epadmin refresh_views
• Searching for items. Particularly those newly added since following these instructions.
• Adding/editing phrases in the phrase editor.
• Starting and stopping the EPrints Indexer.
• Sending a test email.
• Any Bazaar plugins or bespoke functionality you have added to your EPrints repository.

If everything is working as expected, then you are done. If you encounter any problems, try using Apache's error logs to debug and update the files with incorrect permissions. If some functionality is still broken, then you may want to revert. It should be sufficient to just change the Apache User and Group back to eprints and restart Apache.