Re: Help needed to set correct permissions

On 02/04/2010 08:30 PM, Thomas, Peter wrote:
> Just a stylistic note, I'm a great believer in the "find" command, but
> in this case I believe it is more readable to do something like this:
>
> # First, make sure the home directory is traversable by all users
> chmod a+x /home/somebody
>
> # Then, make sure NO files are executable under /home/somebody/www
> # [equivalent to chmod -R 644 /home/somebody/www]
> # *** side effect--this temporarily makes all directories
> # non-traversable, we'll fix that in a moment
> chmod -R u=rw,go=r /home/somebody/www
>
> # finally, re-enable directory traversal in /home/somebody/www and below
> chmod -R a+X /home/somebody/www
>
> For those not familiar, the symbolic "X" argument to chmod has the
> following semantics: it will always make directories traversable.  It
> will make files executable if and only if at least one executable bit
> was already set in the file's permissions.
>
> --Pete
> -----Original Message-----
> From: Philip Wigg [mailto:phil@xxxxxxxxxxxxxxxx]
> Sent: Thursday, February 04, 2010 9:48 AM
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re:  Help needed to set correct permissions
>
> On 4 February 2010 14:34, Perl Whore <whoreperl@xxxxxxxxx> wrote:
>> I'm still getting the permission error.
>>
>> [Thu Feb 04 06:47:11 2010] [error] [client 1.2.3.4] (13)Permission
>> denied: access to / denied
>> [Thu Feb 04 07:29:05 2010] [error] [client 1.2.3.4] (13)Permission
>> denied: access to /test.htm denied
>> [Thu Feb 04 07:29:08 2010] [error] [client 1.2.3.4] (13)Permission
>> denied: access to /favicon.ico denied
>
> The following should work:-
>
> chmod +x /home/somebody
> chmod g+rx /home/somebody/www
> find /home/somebody/www -type f -print0 | xargs -0 chmod 644
>
> I didn't set /home/somebody as executable earlier so maybe that was it.
>
>> Also, I took a look at mod_userdir and it says the URLs will be like
>> http://example.com/~user/ which is not what I'm looking to do. My
>> users have their own domains.
>
> Fair enough. You could look at mod_vhost_alias if you have a lot of
> users to set up.
>
> Cheers,
> Phil.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


Thanks, this worked. But is this the best way to do it, though? Is it
possible to make the www folder traversable only by the apache
user/group and not *all* users? The users on my box are trusted so
it's not a big deal but I'm just trying to understand best practices
used for security.
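
Added example, not part of the original thread: a shell function that applies Pete's two-pass chmod sequence, with an optional group argument for the group-only layout asked about in the message above. The names reset_web_tree, mode_of and demo are made up for this sketch, the tree is constructed in a temp directory, and GROUP is assumed to be whichever group your httpd runs as.

```shell
#!/bin/sh
# reset_web_tree DIR [GROUP]   (hypothetical helper, not from the thread)
#   no GROUP: files 644, directories 755 (what the thread settled on)
#   GROUP:    files 640, directories 750, tree owned by GROUP, nothing for "other"
reset_web_tree() {
    dir=$1
    group=${2:-}
    if [ -n "$group" ]; then
        # Needs root, or an owner who is a member of GROUP.
        chgrp -R "$group" "$dir" || return 1
        strip='u=rw,g=r,o='
        search='ug+X'
    else
        strip='u=rw,go=r'
        search='a+X'
    fi
    # Pass 1: drop every execute bit. Done depth-first because an unprivileged
    # owner running "chmod -R" can lock itself out of a subdirectory mid-walk.
    # Symlinks are skipped so a link pointing outside DIR is never followed.
    find "$dir" -depth ! -type l -exec chmod "$strip" {} + || return 1
    # Pass 2: no file has an x bit left, so X now matches directories only.
    chmod -R "$search" "$dir"
}

# Permission string as printed by ls, e.g. drwxr-xr-x
mode_of() { ls -ld "$1" | cut -c1-10; }

# Constructed sample tree containing one file with a stray execute bit.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/www/img"
    : > "$root/www/index.htm"
    : > "$root/www/img/upload.cgi"
    chmod 755 "$root/www/img/upload.cgi"
    reset_web_tree "$root/www"
    for p in www www/img www/index.htm www/img/upload.cgi; do
        printf '%s  %s\n' "$(mode_of "$root/$p")" "$p"
    done
    rm -rf "$root"
}
demo
```

For the group-only form, the server's group also needs search (x) permission on every parent directory, such as /home/somebody.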
