On 20 June 2013 04:42, Anthony <lists@xxxxxxxxxxxxxxx> wrote:
> On 06/19/2013 10:19 PM, Reindl Harald wrote:
>>
>> On 20.06.2013 05:17, Anthony wrote:
>>> How do I add myself as co-owner of a directory? I set up a new
>>> apache server and need to transfer files to /var/www/html. The
>>> problem is, of course, I've denied root login but don't have
>>> sufficient privs to login and transfer files under my username.
>>>
>>> How can I fix this?
>>
>> man chown
>> man chgrp
>> man setfacl
>>
>> generally the files should not be owned by apache and only
>> writeable by the owner, in your case you
>>
>> from point of security it is very bad if the webserver has
>> write-permissions because it may lead after a small breach in
>> manipulated files wide opening the doors
>
> Thank you. In my case, it looked like root was one of the owners of
> the directory but apache wasn't. The owners were listed as root and
> me. But I couldn't write to it.
>
> I did a chown anthony: /var/www/html and that seems to have given me
> write privs since I'm now the owner. I couldn't find the man page for
> setfacl but I'll dig around the net and see if I can find it.
>

Just spotted this, so apologies if I've missed some other context, but
to pick up on something you said here:

It's very unusual to have two owners for a file or directory. It might
be possible on some filesystems, but not normal Linux FS. I think you
might be misinterpreting the ls -l output of something like (on this
RHEL machine),

$ ls /var/lib/mlocate/ -lhd
drwxr-x---. 2 root slocate 4.0K Jun 20 03:26 /var/lib/mlocate/

Where the second name indicates group, not a second owner. Group
members are subject to the group permissions; here slocate doesn't have
write access to this directory. As a normal user not in the group I
don't have read or write access.

> In the meantime, I'm assuming simply taking ownership of the directory
> shouldn't open any security holes, right?
>

Well, weakening permissions always has some security implications, but
as Harald said it's actually having the web server with write
permission that is the thing to avoid. A separate group able to write
to the www directory is the right way to do this; if only one user
needs it then ownership instead is equivalent.

--
imalone
http://ibmalone.blogspot.co.uk
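The owner/group/other reading of `ls -ld` described in the message above, as an added example that is not part of the original thread: a small shell function that reports which permission triplet applies to a given user and whether it grants write. The group name `webedit` and the two `/var/www/html` lines are constructed for illustration; only the `/var/lib/mlocate/` line comes from the message.

```shell
# ls_access USER "USER'S GROUPS" "LS -ld LINE"
# Prints "<class> <triplet> <write|nowrite>"; returns 0, 1, or 2 (unknown).
ls_access() {
    user=$1; grps=$2
    # ls -l fields: mode, link count, owner, group, then size/date/name.
    read -r mode _links owner group _rest <<EOF
$3
EOF
    case $mode in
        # A trailing "+" means an ACL (setfacl) is present, so the mode bits
        # alone cannot answer. A trailing "." only marks an SELinux context.
        *+) echo "acl ? unknown"; return 2 ;;
    esac
    if [ "$user" = root ]; then
        echo "root any write"; return 0    # root bypasses the mode bits
    fi
    # Exactly one class is used: owner first, then group, then other.
    if [ "$user" = "$owner" ]; then
        class=owner; cols=2-4
    else
        case " $grps " in
            *" $group "*) class=group; cols=5-7 ;;
            *)            class=other; cols=8-10 ;;
        esac
    fi
    triplet=$(printf '%s\n' "$mode" | cut -c"$cols")
    case $triplet in
        ?w?) echo "$class $triplet write";   return 0 ;;
        *)   echo "$class $triplet nowrite"; return 1 ;;
    esac
}

# Line quoted in the message above.
MLOCATE='drwxr-x---. 2 root slocate 4.0K Jun 20 03:26 /var/lib/mlocate/'
# Constructed lines: a group-writable setgid docroot, and a directory whose
# owner has fewer rights than its group ("webedit" is a hypothetical group).
DOCROOT='drwxrwsr-x. 2 root webedit 4.0K Jun 20 04:00 /var/www/html'
OWNERRO='dr-xrwxr-x. 2 anthony webedit 4.0K Jun 20 04:00 /var/www/html'

ls_access anthony "anthony"         "$MLOCATE" || :  # other --- nowrite
ls_access anthony "anthony webedit" "$DOCROOT" || :  # group rws write
ls_access apache  "apache"          "$DOCROOT" || :  # other r-x nowrite
ls_access anthony "anthony webedit" "$OWNERRO" || :  # owner r-x nowrite
```

The last call shows that the owner triplet wins even when the user is also in a group with more rights; the classes are not combined.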