RE: htpasswd permissions

No, SELinux is disabled.

-----Original Message-----
From: laurence.schuler [mailto:laurence.schuler@xxxxxxxx] 
Sent: Wednesday, July 03, 2013 1:43 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re:  htpasswd permissions

On 07/03/2013 12:40 PM, Isenhower, Dave wrote:
> Hi,
>
> I have an htpasswd file that I want to have locked down so that it cannot be read on the filesystem by anyone other than the owner and Apache.  Apache is version 2.2.3 running on RedHat Linux 5.9.
>
> The permissions I have set are as follows:
>
> drwxr-xr-x 6 root     root   4096 May  7 10:19 /www
> drwxrwxr-x 3 webowner apache 4096 May  7 10:03 /www/etc
> drwxrwxr-x 4 webowner apache 4096 Jun  7 18:01 /www/etc/apache
> drwxrwx--- 6 webowner apache 4096 Jun  7 18:01 /www/etc/apache/config
> -rw-rw---- 1 webowner apache 123  Jun  7 18:01 /www/etc/apache/config/htpasswd
>
> The httpd server starts as root and runs under the apache account as a member of the apache group.  Under this permission structure, the web server will prompt the user for authentication, but throws an internal server error after the attempted login.
>
> The error log shows this:
>
> [Wed Jul 03 10:58:12 2013] [error] [client 127.0.0.1] (13)Permission denied: Could not open password file: /www/etc/apache/config/htpasswd
> [Wed Jul 03 10:58:12 2013] [crit] [client 127.0.0.1] configuration error:  couldn't check user.  No user file?: /restricted/testfile.html
>
> If I give read access to others on htpasswd (chmod o+r) and the config directory (chmod o+rx), there's no more internal server error.  Changing the owner from webowner to apache also resolves the issue.  However, neither of these options meets my needs in terms of file-security.
>
> I'm stumped and would appreciate any help.
>
> Thanks,
> Dave
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
Are you using SELinux?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
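
Added example, not part of the thread: a small checker that walks the listing quoted above and reports the first path component that would deny a non-root process, given the user and group names that process actually holds. The function names and the group sets passed to it are assumptions for illustration, not a diagnosis of the poster's server.

```python
# Constructed from the listing in the quoted message:
# (path, owner, group, mode string as printed by ls -l).
LISTING = [
    ("/www", "root", "root", "drwxr-xr-x"),
    ("/www/etc", "webowner", "apache", "drwxrwxr-x"),
    ("/www/etc/apache", "webowner", "apache", "drwxrwxr-x"),
    ("/www/etc/apache/config", "webowner", "apache", "drwxrwx---"),
    ("/www/etc/apache/config/htpasswd", "webowner", "apache", "-rw-rw----"),
]

def class_bits(mode, owner, group, user, groups):
    """Return the rwx triplet that applies to this process.

    Classic Unix permission checks pick exactly one class: owner if the
    user matches, else group if any held group matches, else other.
    The first matching class wins even if a later one grants more.
    """
    if user == owner:
        return mode[1:4]
    if group in groups:
        return mode[4:7]
    return mode[7:10]

def first_denial(listing, user, groups):
    """Walk the path top-down for a non-root process.

    Directories need the search (x) bit, the final file needs read (r).
    Returns (path, reason) for the first blocking component, or None.
    """
    for path, owner, group, mode in listing:
        bits = class_bits(mode, owner, group, user, groups)
        if mode[0] == "d":
            # 's' and 't' in the x position still imply execute/search.
            if bits[2] not in "xst":
                return (path, "no search (x) permission")
        elif bits[0] != "r":
            return (path, "no read (r) permission")
    return None

def world_readable(listing):
    """Non-directory entries that any local account could read."""
    return [p for p, _, _, m in listing if m[0] != "d" and m[7] == "r"]

if __name__ == "__main__":
    # Hypothetical group sets: one holding 'apache', one not.
    for groups in ({"apache"}, {"nobody"}):
        print(sorted(groups), first_denial(LISTING, "apache", groups))
    print("world-readable:", world_readable(LISTING))
```

Comparing the group set passed in with what `id` reports for the account the httpd children run as shows whether the process holds the group the listing relies on.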

