Re: apache access permission

On October 17, 2012 7:09, jupiter <jupiter.hce@xxxxxxxxx> wrote:
I installed httpd on CentOS 6.2, there is an apache user name, but there
is no apache home directory. I have php files which need to access an
ssh key for ssh communication, but the ssh key has "-rw-------"
permission, which denies apache access to it. How do you handle apache
access permission? Should I create an apache home directory to let
apache write its data or access its files in its home directory?

This has nothing to do with home directories, or lack of them. A home directory is simply a place to store files. However, you can store files anywhere and grant permissions appropriately.

Also, are you sure you have no home directory for the user "apache"? On CentOS systems, if you check in the sixth field of the /etc/passwd entry for user "apache", you should see a home directory of /var/www

For the ssh key, it is important to keep it secure. Anyone who gets this key can use it to log in to any system that trusts the key. So it is best to have the key be single-purpose, used only for your PHP web application and not for anything else. If the key already exists (that is, it was not created just for the use of this PHP web application) and is owned by another user, then that is not great and by letting the user "apache" read (a copy of) the key you may be doing something dangerous.

OpenSSH (/usr/sbin/ssh) will refuse to use a key if the permissions on either it or the directory it is in allow access for other users. So rather than setting permissions on the current copy of the key (which from what you write above is owned by a different user than "apache") you'll probably want to make a copy of the key. If user "apache" has the home directory /var/www, then a natural place to put this copy is /var/www/.ssh/ (assuming your DocumentRoot directory is /var/www/html; it would be very bad if your DocumentRoot were /var/www for some reason, as you'd then be making your ssh key available to anyone who could access your web site).

If you want to use a ssh key that is stored somewhere else other than the user "apache" home directory, the "-i" option to ssh will allow you to do this. See the ssh manual page for more information.

--
  Mark Montague
  mark@xxxxxxxxxxx
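
The layout described in the message above can be checked with a short script. This is an added example, not part of the original post: `check_key_layout` is a hypothetical helper name, the key file name in the usage comment is constructed, and GNU `stat` and `readlink -f` (as shipped on CentOS) are assumed.

```bash
#!/bin/bash
# Added example: audit where a web application's ssh private key lives.
# Usage: check_key_layout KEY_PATH EXPECTED_OWNER DOCUMENT_ROOT
#   e.g. check_key_layout /var/www/.ssh/id_app apache /var/www/html
#   (id_app is a constructed file name)
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_key_layout() {
    local key=$1 owner=$2 docroot=$3 problems=0
    local real_key real_root dir mode p

    # Resolve symlinks so a link out of (or into) DocumentRoot is judged
    # by where the key really is.
    real_key=$(readlink -f -- "$key") || return 1
    real_root=$(readlink -f -- "$docroot") || return 1
    if [ ! -f "$real_key" ]; then
        echo "MISSING: $key is not a regular file"
        return 1
    fi
    dir=$(dirname -- "$real_key")

    # The key must not be reachable through the web server.
    case "$real_key" in
        "$real_root"/*)
            echo "EXPOSED: $real_key is inside DocumentRoot $real_root"
            problems=1 ;;
    esac

    for p in "$real_key" "$dir"; do
        # Neither the key nor its directory may grant group/other access.
        mode=$(stat -c '%a' -- "$p")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "PERMS: $p has mode $mode (group/other access)"
            problems=1
        fi
        # Both should belong to the account that runs ssh (e.g. apache).
        if [ "$(stat -c '%U' -- "$p")" != "$owner" ]; then
            echo "OWNER: $p is not owned by $owner"
            problems=1
        fi
    done
    return $problems
}
```

When the key is kept outside the "apache" home directory, the same check applies to whatever path is then passed to ssh with "-i".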

