Re: Change user for Apache web server to a non-privileged user? [wd-vc]


 



Hi Kurt,

Thanks for the reply!  Could you provide the command that properly adds read/execute permissions to DocumentRoot at /opt/fpp/www?  I am new to learning Linux and could use some help.  :)

Thanks again,
Tom


On Wed, Sep 14, 2016 at 8:26 AM, Bremser, Kurt (AMOS Austria GmbH) <Kurt.Bremser@xxxxxxxxxx> wrote:
Looks like http-web misses read/execute permissions on your DocumentRoot directory.

Kurt Bremser
AMOS Austria

Newton was wrong. There is no gravity. The Earth sucks.
________________________________________
From: Tom Hammond [tominohio@xxxxxxxxx]
Sent: Wednesday, 14 September 2016 14:16
To: users@xxxxxxxxxxxxxxxx
Subject: Change user for Apache web server to a non-privileged user? [wd-vc]

Hello everyone,

I have an Apache 2.2x server and would like to harden security so that hackers can't get in easily to the Apache webserver.  One suggestion is to change the user/group for Apache to a non-privileged account.

Currently the user "fpp" is the default user for Apache which has access to the operating system via sudo commands.

I entered these commands to create a non-privileged account:
sudo groupadd http-web
sudo useradd -d /opt/fpp/www/ -g http-web http-web

I then edited /etc/apache2/envvars to change these lines:
export APACHE_RUN_USER=http-web
export APACHE_RUN_GROUP=http-web

I also ran these commands to change user/group permissions on these folders:
sudo chown -R http-web:http-web /var/lock/apache2/
sudo chown -R http-web:http-web /opt/fpp/www

Finally, I restarted the Apache service with this command:
sudo service apache2 restart

When I try to access the website on this server, I receive the following message:


Forbidden: You don't have permission to access / on this server.


I've been scouring the Internet trying to figure out how to switch the default "fpp" Apache user to a non-privileged account and can't figure it out. Can someone shed some light on this?

Thanks!
Tom


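Kurt's diagnosis in the thread above (the new run user lacks read/execute permission on the DocumentRoot) can be checked one directory at a time, since Apache also needs search (x) permission on every parent directory. The shell functions below are an added example, not part of the original thread; the names class_bits and blocked_components are hypothetical, GNU or BusyBox stat is assumed, and only classic mode bits are evaluated (ACLs, supplementary groups and SELinux/AppArmor are ignored).

```shell
#!/bin/sh
# Added example: list the directories whose mode bits would stop a given
# uid/gid from serving a DocumentRoot (a common cause of a 403 after
# changing APACHE_RUN_USER). Assumes `stat -c` (GNU coreutils or BusyBox).

# class_bits UID GID PATH
# Prints the single rwx digit (0-7) that applies to UID/GID on PATH:
# owner digit if UID owns it, else group digit if GID matches, else other.
class_bits() {
    st=$(stat -c '%a %u %g' "$3") || return 2
    set -- "$1" "$2" $st                  # $3=mode $4=owner uid $5=group gid
    perm=$(printf '%03d' "$3")            # pad modes such as "50" to "050"
    perm=${perm#"${perm%???}"}            # drop setuid/setgid/sticky digit
    if [ "$1" -eq "$4" ]; then
        echo "${perm%??}"
    elif [ "$2" -eq "$5" ]; then
        perm=${perm#?}; echo "${perm%?}"
    else
        echo "${perm#??}"
    fi
}

# blocked_components UID GID DOCROOT
# Prints every directory from DOCROOT up to / that lacks the needed bits.
# Returns 0 if nothing blocks, 1 if something does, 2 on error.
blocked_components() {
    case $3 in
        /*) ;;
        *) echo "DocumentRoot must be an absolute path" >&2; return 2 ;;
    esac
    p=$3; need=5; rc=0                    # DocumentRoot itself needs r-x (4+1)
    while :; do
        bits=$(class_bits "$1" "$2" "$p") || return 2
        if [ $(( bits & need )) -ne "$need" ]; then
            echo "$p"; rc=1
        fi
        [ "$p" = / ] && break
        p=$(dirname "$p"); need=1         # parents only need search (x)
    done
    return "$rc"
}

# Usage for the setup in this thread (account and path as given there):
#   blocked_components "$(id -u http-web)" "$(id -g http-web)" /opt/fpp/www
```

Each directory printed is one where the run user is missing a required bit: read and execute on the DocumentRoot itself, execute on each parent. Granting only the missing bit on that directory keeps the account non-privileged.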


