The simplest thing is to log on to the server with http-web (do a sudo su - http-web) and then navigate there to see where you fail.
Also be sure that DocumentRoot from the httpd.conf points to a subdirectory of /opt/fpp/www.

Kurt Bremser
AMOS Austria

Newton was wrong. There is no gravity. The Earth sucks.
________________________________________
From: Tom Hammond [tominohio@xxxxxxxxx]
Sent: Wednesday, 14 September 2016 14:30
To: users@xxxxxxxxxxxxxxxx
Subject: Re: Change user for Apache web server to a non-privileged user? [wd-vc]

Hi Kurt,

Thanks for the reply! May you provide the command that properly adds read/execute permissions to DocumentRoot at /opt/fpp/www? I am new to learning Linux and could use some help. :)

Thanks again,
Tom

On Wed, Sep 14, 2016 at 8:26 AM, Bremser, Kurt (AMOS Austria GmbH) <Kurt.Bremser@xxxxxxxxxx> wrote:

Looks like http-web misses read/execute permissions on your DocumentRoot directory.

Kurt Bremser
AMOS Austria

Newton was wrong. There is no gravity. The Earth sucks.
________________________________________
From: Tom Hammond [tominohio@xxxxxxxxx]
Sent: Wednesday, 14 September 2016 14:16
To: users@xxxxxxxxxxxxxxxx
Subject: Change user for Apache web server to a non-privileged user? [wd-vc]

Hello everyone,

I have an Apache 2.2x server and would like to harden security so that hackers can't get in easily to the Apache webserver. One suggestion is to change the user/group for Apache to a non-privileged account. Currently the user "fpp" is the default user for Apache which has access to the operating system via sudo commands.

I entered these commands to create a non-privileged account:

    sudo groupadd http-web
    sudo useradd -d /opt/fpp/www/ -g http-web http-web

I then edited /etc/apache2/envvars to change these lines:

    export APACHE_RUN_USER=http-web
    export APACHE_RUN_GROUP=http-web

I also ran this command to change user/group permissions on this folder:

    sudo chown -R http-web:http-web /var/lock/apache2/
    sudo chown -R http-web:http-web /opt/fpp/www

Finally, I restarted the Apache service with this command:

    sudo service apache2 restart

When I try to access the website on this server, I receive the following message:

    Forbidden: You don't have permission to access / on this server.

I've been scouring the Internet trying to figure out how to switch the default "fpp" Apache user to a non-privileged account and can't figure it out. Can someone shed some light on this?

Thanks!
Tom

AMOS Austria GmbH
1130 Wien, Hietzinger Kai 101-105
FN 365014k, Handelsgericht Wien
UID: ATU 66614737
http://www.allianz.at
********************************************************
Please note: This email and any files transmitted with it is intended only for the named recipients and may contain confidential and/or privileged information. If you are not the intended recipient, please do not read, copy, use or disclose the contents of this communication to others and notify the sender immediately. Then please delete the email and any copies of it. Thank you.
********************************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
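
The check suggested in the thread (walk to the DocumentRoot as http-web and see where it fails) can also be done from the mode bits of each directory on the path. This is an added example, not part of the thread: the function names are made up here, it assumes GNU stat, and it does not account for ACLs or SELinux/AppArmor.

```shell
#!/bin/sh
# Added example: find the directory that makes Apache answer 403 after the
# switch to a non-privileged run user. Assumes GNU stat; ignores ACLs/SELinux.

# can_access UID "GID ..." PATH WANT   (WANT: 1 = traverse, 5 = read + traverse)
# As in the kernel's check, only one class applies: owner, else group, else other.
can_access() {
    ca_uid=$1 ca_gids=$2 ca_want=$4
    ca_stat=$(stat -c '%a %u %g' "$3") || return 2
    set -- $ca_stat                 # $1 = octal mode, $2 = owner uid, $3 = gid
    ca_mode=$((0$1))
    case " $ca_gids " in
        *" $3 "*) ca_shift=3 ;;     # group class
        *)        ca_shift=0 ;;     # other class
    esac
    [ "$ca_uid" -eq "$2" ] && ca_shift=6    # owner class wins
    ca_bits=$(( ($ca_mode >> $ca_shift) & 7 ))
    [ $(( ca_bits & ca_want )) -eq "$ca_want" ]
}

# first_blocked UID "GID ..." DOCROOT [TOP]
# Walks TOP (default /) down to DOCROOT and prints the first directory the
# account cannot enter; DOCROOT itself must also be readable. Returns 0 if none.
first_blocked() {
    fb_top=${4:-/} fb_dir=$3 fb_chain=$3
    while [ "$fb_dir" != "$fb_top" ] && [ "$fb_dir" != / ]; do
        fb_dir=$(dirname "$fb_dir")
        fb_chain="$fb_dir
$fb_chain"
    done
    while IFS= read -r fb_dir; do
        fb_want=1
        [ "$fb_dir" = "$3" ] && fb_want=5
        if ! can_access "$1" "$2" "$fb_dir" "$fb_want"; then
            printf '%s\n' "$fb_dir"
            return 1
        fi
    done <<EOF
$fb_chain
EOF
    return 0
}

# check_docroot USER DOCROOT: resolve the account's uid and groups, walk from /.
# e.g.  check_docroot http-web /opt/fpp/www
check_docroot() {
    first_blocked "$(id -u "$1")" "$(id -G "$1")" "$2"
}
```

A directory reported above the DocumentRoot only needs execute (traverse) permission for the run user, not read; recursive chown of the DocumentRoot itself does not change its parents.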