#!/bin/bash
#
# setup_testenv.sh — General PHP development environment setup for Fedora
# Usage: bash setup_testenv.sh
# Sets up Apache (httpd) with PHP to serve /var/www/html on localhost
# Requires sudo privileges for package installation and service management
#
# PRIVILEGE SEPARATION: This script must NOT be run as root.
# The running user should not have direct rights to install packages
# (i.e., must use sudo which requires authentication).
#
set -euo pipefail
# ── Colors for output ─────────────────────────────────────────────────────
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# ── Check for privilege separation ─────────────────────────────────────────
echo "→ Checking user privileges..."
CURRENT_USER=$(whoami)
# Check if running as root (violates privilege separation)
if [[ $EUID -eq 0 ]]; then
echo -e "${RED}ERROR: This script should not be run as root directly.${NC}"
echo " Please run as a normal user with sudo privileges."
echo " This ensures proper separation of privileges."
exit 1
fi
echo -e "${GREEN}✓${NC} Not running as root (good for privilege separation)"
# Check if user has sudo privileges (Fedora uses wheel group for sudo access)
if groups | grep -qw wheel; then
echo -e "${GREEN}✓${NC} User '$CURRENT_USER' is in wheel group (has sudo privileges)"
else
echo -e "${YELLOW}WARNING:${NC} User '$CURRENT_USER' is not in the wheel group."
echo " This user may not have sudo privileges required for this script."
echo " The script will attempt to use sudo, which may prompt for a password."
echo ""
read -p " Continue anyway? (y/N) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo "Aborting."
exit 1
fi
fi
echo ""
echo "Note: sudo commands will prompt for your password if required."
# ── Configuration ─────────────────────────────────────────────────────────
DOCROOT="/var/www/html"
APACHE_USER="apache"
APACHE_GROUP="apache"
APACHE_CONF="/etc/httpd/conf.d/dev.conf"
# ── 1. Install Apache, PHP, and required modules ──────────────────────────
echo ""
echo "→ Installing Apache (httpd), PHP, and required modules..."
sudo dnf install -y httpd php php-json php-mbstring php-xml php-fpm jq acl
echo -e "${GREEN}✓${NC} Packages installed"
# ── 2. Ensure document root exists ────────────────────────────────────────
echo ""
echo "→ Ensuring document root exists: $DOCROOT"
sudo mkdir -p "$DOCROOT"
echo -e "${GREEN}✓${NC} Document root ready"
# ── 3. Set ownership and permissions for Apache + current user ────────────
echo ""
echo "→ Setting permissions for user '$CURRENT_USER' and Apache user '$APACHE_USER'..."
# Ensure ACL support is available (should be installed now)
if ! command -v setfacl &>/dev/null; then
echo " Installing ACL tools..."
sudo dnf install -y acl
fi
# Set ownership to current user (so user can easily create files)
sudo chown -R "$CURRENT_USER:$CURRENT_USER" "$DOCROOT"
# Set base permissions
sudo chmod 0755 "$DOCROOT"
# Set ACLs so both the current user and Apache can read/write
sudo setfacl -R -m u:"$CURRENT_USER":rwx,u:"$APACHE_USER":rwx "$DOCROOT"
sudo setfacl -R -d -m u:"$CURRENT_USER":rwx,u:"$APACHE_USER":rwx "$DOCROOT"
# Also allow the apache group to access
sudo setfacl -R -m g:"$APACHE_GROUP":r-x "$DOCROOT"
sudo setfacl -R -d -m g:"$APACHE_GROUP":r-x "$DOCROOT"
echo -e "${GREEN}✓${NC} Permissions configured (ACLs set for $CURRENT_USER and $APACHE_USER)"
# ── 4. Create/update Apache configuration ─────────────────────────────────
echo ""
echo "→ Creating Apache configuration: $APACHE_CONF"
sudo tee "$APACHE_CONF" > /dev/null << EOF
# Development environment - serve /var/www/html on localhost
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
# Enable directory listing if no index file found
DirectoryIndex index.php index.html index.htm
# Ensure PHP files are processed
SetHandler application/x-httpd-php
EOF
echo -e "${GREEN}✓${NC} Apache configuration written"
# ── 5. Configure PHP for development ──────────────────────────────────────
echo ""
echo "→ Configuring PHP for development..."
PHP_INI="/etc/php.ini"
if [[ -f "$PHP_INI" ]]; then
# Backup original
sudo cp "$PHP_INI" "$PHP_INI.backup.$(date +%Y%m%d_%H%M%S)" 2>/dev/null || true
# Enable error display for development
sudo sed -i 's/^display_errors = .*/display_errors = On/' "$PHP_INI" 2>/dev/null || true
sudo sed -i 's/^display_startup_errors = .*/display_startup_errors = On/' "$PHP_INI" 2>/dev/null || true
sudo sed -i 's/^error_reporting = .*/error_reporting = E_ALL/' "$PHP_INI" 2>/dev/null || true
echo -e "${GREEN}✓${NC} PHP configured for development (errors displayed)"
fi
# ── 6. Enable and start httpd ─────────────────────────────────────────────
echo ""
echo "→ Enabling and starting httpd..."
sudo systemctl enable httpd
sudo systemctl restart httpd
echo -e "${GREEN}✓${NC} Apache (httpd) is running"
# ── 7. Configure SELinux permissions ─────────────────────────────────────
echo ""
echo "→ Configuring SELinux permissions..."
# Check if SELinux is enabled
if command -v getenforce &>/dev/null; then
SELINUX_STATUS=$(getenforce 2>/dev/null || echo "Disabled")
if [[ "$SELINUX_STATUS" != "Disabled" && "$SELINUX_STATUS" != "Permissive" ]]; then
echo " SELinux is enabled ($SELINUX_STATUS), setting contexts..."
# Install SELinux tools if not present
if ! command -v semanage &>/dev/null; then
echo " Installing SELinux management tools..."
sudo dnf install -y policycoreutils-python-utils
fi
# Set SELinux context for web content (readable/writable by httpd)
echo " → Setting httpd_sys_rw_content_t context for $DOCROOT..."
sudo semanage fcontext -a -t httpd_sys_rw_content_t "$DOCROOT(/.*)?" 2>/dev/null || \
sudo semanage fcontext -m -t httpd_sys_rw_content_t "$DOCROOT(/.*)?" 2>/dev/null || true
# Apply the contexts
sudo restorecon -Rv "$DOCROOT" 2>/dev/null || true
# Allow httpd to read/write to the document root via PHP
echo " → Setting SELinux boolean: httpd_can_network_connect..."
sudo setsebool -P httpd_can_network_connect on 2>/dev/null || true
# Allow httpd to send mail (sometimes needed for PHP mail())
sudo setsebool -P httpd_can_sendmail on 2>/dev/null || true
echo -e "${GREEN}✓${NC} SELinux contexts configured"
else
echo " SELinux is $SELINUX_STATUS, skipping SELinux configuration"
fi
else
echo " (SELinux tools not found, skipping SELinux configuration)"
fi
# ── 8. Open firewall for HTTP ─────────────────────────────────────────────
echo ""
echo "→ Configuring firewall for HTTP..."
if command -v firewall-cmd &>/dev/null; then
sudo firewall-cmd --permanent --add-service=http 2>/dev/null || true
sudo firewall-cmd --reload 2>/dev/null || true
echo -e "${GREEN}✓${NC} Firewall updated (HTTP service added)"
else
echo " (firewall-cmd not found, skipping firewall configuration)"
fi
# ── 9. Create a test PHP file ─────────────────────────────────────────────
echo ""
echo "→ Creating test PHP file..."
TEST_FILE="$DOCROOT/info.php"
sudo tee "$TEST_FILE" > /dev/null << 'EOF'
EOF
# Set proper ownership on the test file
sudo chown "$CURRENT_USER:$CURRENT_USER" "$TEST_FILE"
sudo setfacl -m u:"$APACHE_USER":r "$TEST_FILE"
echo -e "${GREEN}✓${NC} Test file created: $TEST_FILE"
# ── Done ───────────────────────────────────────────────────────────────────
echo ""
echo -e "${GREEN}========================================${NC}"
echo -e "${GREEN} Setup complete!${NC}"
echo -e "${GREEN}========================================${NC}"
echo ""
echo " Document root : $DOCROOT"
echo " Served at : http://localhost/"
echo " Test page : http://localhost/info.php"
echo ""
echo " Next steps:"
echo " 1. Open http://localhost/ in your browser"
echo " 2. Place your PHP files in $DOCROOT"
echo " 3. Check httpd status: sudo systemctl status httpd"
echo " 4. View PHP errors: sudo tail -f /var/log/httpd/error_log"
echo " 5. Check SELinux denials: sudo ausearch -m AVC -ts recent"
echo ""
echo -e "${YELLOW}Note:${NC} Files created in $DOCROOT will be owned by $CURRENT_USER"
echo " and accessible by Apache. Use standard file permissions"
echo " or ACLs if you need to adjust access for specific files."
echo ""