Using Samba to share Apache web root, securely

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



I'm setting up a shared web server running Apache.  Each web root will belong to a department, which has a corresponding Active Directory group to give access.  So far I've got samba working and such, but am having some trouble wrapping my head around the necessary permissions to make all this work, especially securely.  So far I've found that both the POSIX and the ACL permissions must both allow a user to write to directory which is proving problematic.  Is it better to give the web root directories very "loose" permissions and have Samba manage who can access the folders?

A few options I've come across would have a user's logged in account mapped to the "apache" user through samba, using the "force user", but that seems like a security risk allowing users to be apache.  Another option I currently have working is using a default ACL for apache to give the web server read of all the files.  The problem I have with this is some directories require write and some files should have read only (like db config files), so again a global permission set doesn't seem to work.

I'd be very interested in knowing how someone has solved a problem like this.

Thanks
- Trey
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux