|
|
@@ -0,0 +1,239 @@
|
|
|
+#!/bin/bash
|
|
|
+#
|
|
|
+# setup_testenv.sh — General PHP development environment setup for Fedora
|
|
|
+# Usage: bash setup_testenv.sh
|
|
|
+# Sets up Apache (httpd) with PHP to serve /var/www/html on localhost
|
|
|
+# Requires sudo privileges for package installation and service management
|
|
|
+#
|
|
|
+# PRIVILEGE SEPARATION: This script must NOT be run as root.
|
|
|
+# The running user should not have direct rights to install packages
|
|
|
+# (i.e., must use sudo which requires authentication).
|
|
|
+#
|
|
|
+
|
|
|
+set -euo pipefail
|
|
|
+
|
|
|
+# ── Colors for output ─────────────────────────────────────────────────────
|
|
|
+RED='\033[0;31m'
|
|
|
+GREEN='\033[0;32m'
|
|
|
+YELLOW='\033[1;33m'
|
|
|
+NC='\033[0m' # No Color
|
|
|
+
|
|
|
+# ── Check for privilege separation ─────────────────────────────────────────
|
|
|
+echo "→ Checking user privileges..."
|
|
|
+
|
|
|
+CURRENT_USER=$(whoami)
|
|
|
+
|
|
|
+# Check if running as root (violates privilege separation)
|
|
|
+if [[ $EUID -eq 0 ]]; then
|
|
|
+ echo -e "${RED}ERROR: This script should not be run as root directly.${NC}"
|
|
|
+ echo " Please run as a normal user with sudo privileges."
|
|
|
+ echo " This ensures proper separation of privileges."
|
|
|
+ exit 1
|
|
|
+fi
|
|
|
+
|
|
|
+echo -e "${GREEN}✓${NC} Not running as root (good for privilege separation)"
|
|
|
+
|
|
|
+# Check if user has sudo privileges (Fedora uses wheel group for sudo access)
|
|
|
+if groups | grep -qw wheel; then
|
|
|
+ echo -e "${GREEN}✓${NC} User '$CURRENT_USER' is in wheel group (has sudo privileges)"
|
|
|
+else
|
|
|
+ echo -e "${YELLOW}WARNING:${NC} User '$CURRENT_USER' is not in the wheel group."
|
|
|
+ echo " This user may not have sudo privileges required for this script."
|
|
|
+ echo " The script will attempt to use sudo, which may prompt for a password."
|
|
|
+ echo ""
|
|
|
+ read -p " Continue anyway? (y/N) " -n 1 -r
|
|
|
+ echo
|
|
|
+ if [[ ! $REPLY =~ ^[Yy]$ ]]; then
|
|
|
+ echo "Aborting."
|
|
|
+ exit 1
|
|
|
+ fi
|
|
|
+fi
|
|
|
+
|
|
|
+echo ""
|
|
|
+echo "Note: sudo commands will prompt for your password if required."
|
|
|
+
|
|
|
+# ── Configuration ─────────────────────────────────────────────────────────
|
|
|
+DOCROOT="/var/www/html"
|
|
|
+APACHE_USER="apache"
|
|
|
+APACHE_GROUP="apache"
|
|
|
+APACHE_CONF="/etc/httpd/conf.d/dev.conf"
|
|
|
+
|
|
|
+# ── 1. Install Apache, PHP, and required modules ──────────────────────────
|
|
|
+echo ""
|
|
|
+echo "→ Installing Apache (httpd), PHP, and required modules..."
|
|
|
+
|
|
|
+sudo dnf install -y httpd php php-json php-mbstring php-xml php-fpm jq acl
|
|
|
+
|
|
|
+echo -e "${GREEN}✓${NC} Packages installed"
|
|
|
+
|
|
|
+# ── 2. Ensure document root exists ────────────────────────────────────────
|
|
|
+echo ""
|
|
|
+echo "→ Ensuring document root exists: $DOCROOT"
|
|
|
+
|
|
|
+sudo mkdir -p "$DOCROOT"
|
|
|
+echo -e "${GREEN}✓${NC} Document root ready"
|
|
|
+
|
|
|
+# ── 3. Set ownership and permissions for Apache + current user ────────────
|
|
|
+echo ""
|
|
|
+echo "→ Setting permissions for user '$CURRENT_USER' and Apache user '$APACHE_USER'..."
|
|
|
+
|
|
|
+# Ensure ACL support is available (should be installed now)
|
|
|
+if ! command -v setfacl &>/dev/null; then
|
|
|
+ echo " Installing ACL tools..."
|
|
|
+ sudo dnf install -y acl
|
|
|
+fi
|
|
|
+
|
|
|
+# Set ownership to current user (so user can easily create files)
|
|
|
+sudo chown -R "$CURRENT_USER:$CURRENT_USER" "$DOCROOT"
|
|
|
+
|
|
|
+# Set base permissions
|
|
|
+sudo chmod 0755 "$DOCROOT"
|
|
|
+
|
|
|
+# Set ACLs so both the current user and Apache can read/write
|
|
|
+sudo setfacl -R -m u:"$CURRENT_USER":rwx,u:"$APACHE_USER":rwx "$DOCROOT"
|
|
|
+sudo setfacl -R -d -m u:"$CURRENT_USER":rwx,u:"$APACHE_USER":rwx "$DOCROOT"
|
|
|
+
|
|
|
+# Also allow the apache group to access
|
|
|
+sudo setfacl -R -m g:"$APACHE_GROUP":r-x "$DOCROOT"
|
|
|
+sudo setfacl -R -d -m g:"$APACHE_GROUP":r-x "$DOCROOT"
|
|
|
+
|
|
|
+echo -e "${GREEN}✓${NC} Permissions configured (ACLs set for $CURRENT_USER and $APACHE_USER)"
|
|
|
+
|
|
|
+# ── 4. Create/update Apache configuration ─────────────────────────────────
|
|
|
+echo ""
|
|
|
+echo "→ Creating Apache configuration: $APACHE_CONF"
|
|
|
+
|
|
|
+sudo tee "$APACHE_CONF" > /dev/null << EOF
|
|
|
+# Development environment - serve /var/www/html on localhost
|
|
|
+<Directory "$DOCROOT">
|
|
|
+ Options Indexes FollowSymLinks
|
|
|
+ AllowOverride All
|
|
|
+ Require all granted
|
|
|
+
|
|
|
+ # Enable directory listing if no index file found
|
|
|
+ DirectoryIndex index.php index.html index.htm
|
|
|
+</Directory>
|
|
|
+
|
|
|
+# Ensure PHP files are processed
|
|
|
+<FilesMatch \.php$>
|
|
|
+ SetHandler application/x-httpd-php
|
|
|
+</FilesMatch>
|
|
|
+EOF
|
|
|
+
|
|
|
+echo -e "${GREEN}✓${NC} Apache configuration written"
|
|
|
+
|
|
|
+# ── 5. Configure PHP for development ──────────────────────────────────────
|
|
|
+echo ""
|
|
|
+echo "→ Configuring PHP for development..."
|
|
|
+
|
|
|
+PHP_INI="/etc/php.ini"
|
|
|
+if [[ -f "$PHP_INI" ]]; then
|
|
|
+ # Backup original
|
|
|
+ sudo cp "$PHP_INI" "$PHP_INI.backup.$(date +%Y%m%d_%H%M%S)" 2>/dev/null || true
|
|
|
+
|
|
|
+ # Enable error display for development
|
|
|
+ sudo sed -i 's/^display_errors = .*/display_errors = On/' "$PHP_INI" 2>/dev/null || true
|
|
|
+ sudo sed -i 's/^display_startup_errors = .*/display_startup_errors = On/' "$PHP_INI" 2>/dev/null || true
|
|
|
+ sudo sed -i 's/^error_reporting = .*/error_reporting = E_ALL/' "$PHP_INI" 2>/dev/null || true
|
|
|
+
|
|
|
+ echo -e "${GREEN}✓${NC} PHP configured for development (errors displayed)"
|
|
|
+fi
|
|
|
+
|
|
|
+# ── 6. Enable and start httpd ─────────────────────────────────────────────
|
|
|
+echo ""
|
|
|
+echo "→ Enabling and starting httpd..."
|
|
|
+
|
|
|
+sudo systemctl enable httpd
|
|
|
+sudo systemctl restart httpd
|
|
|
+
|
|
|
+echo -e "${GREEN}✓${NC} Apache (httpd) is running"
|
|
|
+
|
|
|
+# ── 7. Configure SELinux permissions ─────────────────────────────────────
|
|
|
+echo ""
|
|
|
+echo "→ Configuring SELinux permissions..."
|
|
|
+
|
|
|
+# Check if SELinux is enabled
|
|
|
+if command -v getenforce &>/dev/null; then
|
|
|
+ SELINUX_STATUS=$(getenforce 2>/dev/null || echo "Disabled")
|
|
|
+ if [[ "$SELINUX_STATUS" != "Disabled" && "$SELINUX_STATUS" != "Permissive" ]]; then
|
|
|
+ echo " SELinux is enabled ($SELINUX_STATUS), setting contexts..."
|
|
|
+
|
|
|
+ # Install SELinux tools if not present
|
|
|
+ if ! command -v semanage &>/dev/null; then
|
|
|
+ echo " Installing SELinux management tools..."
|
|
|
+ sudo dnf install -y policycoreutils-python-utils
|
|
|
+ fi
|
|
|
+
|
|
|
+ # Set SELinux context for web content (readable/writable by httpd)
|
|
|
+ echo " → Setting httpd_sys_rw_content_t context for $DOCROOT..."
|
|
|
+ sudo semanage fcontext -a -t httpd_sys_rw_content_t "$DOCROOT(/.*)?" 2>/dev/null || \
|
|
|
+ sudo semanage fcontext -m -t httpd_sys_rw_content_t "$DOCROOT(/.*)?" 2>/dev/null || true
|
|
|
+
|
|
|
+ # Apply the contexts
|
|
|
+ sudo restorecon -Rv "$DOCROOT" 2>/dev/null || true
|
|
|
+
|
|
|
+ # Allow httpd to read/write to the document root via PHP
|
|
|
+ echo " → Setting SELinux boolean: httpd_can_network_connect..."
|
|
|
+ sudo setsebool -P httpd_can_network_connect on 2>/dev/null || true
|
|
|
+
|
|
|
+ # Allow httpd to send mail (sometimes needed for PHP mail())
|
|
|
+ sudo setsebool -P httpd_can_sendmail on 2>/dev/null || true
|
|
|
+
|
|
|
+ echo -e "${GREEN}✓${NC} SELinux contexts configured"
|
|
|
+ else
|
|
|
+ echo " SELinux is $SELINUX_STATUS, skipping SELinux configuration"
|
|
|
+ fi
|
|
|
+else
|
|
|
+ echo " (SELinux tools not found, skipping SELinux configuration)"
|
|
|
+fi
|
|
|
+
|
|
|
+# ── 8. Open firewall for HTTP ─────────────────────────────────────────────
|
|
|
+echo ""
|
|
|
+echo "→ Configuring firewall for HTTP..."
|
|
|
+
|
|
|
+if command -v firewall-cmd &>/dev/null; then
|
|
|
+ sudo firewall-cmd --permanent --add-service=http 2>/dev/null || true
|
|
|
+ sudo firewall-cmd --reload 2>/dev/null || true
|
|
|
+ echo -e "${GREEN}✓${NC} Firewall updated (HTTP service added)"
|
|
|
+else
|
|
|
+ echo " (firewall-cmd not found, skipping firewall configuration)"
|
|
|
+fi
|
|
|
+
|
|
|
+# ── 9. Create a test PHP file ─────────────────────────────────────────────
|
|
|
+echo ""
|
|
|
+echo "→ Creating test PHP file..."
|
|
|
+
|
|
|
+TEST_FILE="$DOCROOT/info.php"
|
|
|
+sudo tee "$TEST_FILE" > /dev/null << 'EOF'
|
|
|
+<?php
|
|
|
+phpinfo();
|
|
|
+?>
|
|
|
+EOF
|
|
|
+
|
|
|
+# Set proper ownership on the test file
|
|
|
+sudo chown "$CURRENT_USER:$CURRENT_USER" "$TEST_FILE"
|
|
|
+sudo setfacl -m u:"$APACHE_USER":r "$TEST_FILE"
|
|
|
+
|
|
|
+echo -e "${GREEN}✓${NC} Test file created: $TEST_FILE"
|
|
|
+
|
|
|
+# ── Done ───────────────────────────────────────────────────────────────────
|
|
|
+echo ""
|
|
|
+echo -e "${GREEN}========================================${NC}"
|
|
|
+echo -e "${GREEN} Setup complete!${NC}"
|
|
|
+echo -e "${GREEN}========================================${NC}"
|
|
|
+echo ""
|
|
|
+echo " Document root : $DOCROOT"
|
|
|
+echo " Served at : http://localhost/"
|
|
|
+echo " Test page : http://localhost/info.php"
|
|
|
+echo ""
|
|
|
+echo " Next steps:"
|
|
|
+echo " 1. Open http://localhost/ in your browser"
|
|
|
+echo " 2. Place your PHP files in $DOCROOT"
|
|
|
+echo " 3. Check httpd status: sudo systemctl status httpd"
|
|
|
+echo " 4. View PHP errors: sudo tail -f /var/log/httpd/error_log"
|
|
|
+echo " 5. Check SELinux denials: sudo ausearch -m AVC -ts recent"
|
|
|
+echo ""
|
|
|
+echo -e "${YELLOW}Note:${NC} Files created in $DOCROOT will be owned by $CURRENT_USER"
|
|
|
+echo " and accessible by Apache. Use standard file permissions"
|
|
|
+echo " or ACLs if you need to adjust access for specific files."
|
|
|
+echo ""
|
