Those pesky Apache permissions (was Re: (kein Betreff))

--On Thursday, March 02, 2006 10:05 PM +0100 Krassen Deltchev <deltchev@xxxxxxxxxxxxx> wrote:

> Hello,
>
> I have a very odd problem:

Woah! Serious trouble, man (just joking but arm yourself with courage
to climb the learning curve...). And get a good book.

Here's what you want to do:

1) Any apache-related stuff is often best asked in the apache
  discussion group... err, here:
  <http://httpd.apache.org/lists.html#http-users>

2) About the permissions question:

a) Make sure apache is running non-root. What does ps faux show?
  Something like this? Good. The apache user is configured in
  httpd.conf

  root     25695  0.0  0.0 120016 1736 ?       Ss   Feb12   0:00 /usr/local/apache2/bin/httpd -DSSL -DTOMCAT -DPHP
  apache   18361  0.0  0.1 120392 5084 ?       S    Mar01   0:00  \_ /usr/local/apache2/bin/httpd -DSSL -DTOMCAT -DPHP
  apache    2411  0.0  0.1 120504 5156 ?       S    14:19   0:00  \_ /usr/local/apache2/bin/httpd -DSSL -DTOMCAT -DPHP
  apache    2521  0.0  0.1 120544 5248 ?       S    14:19   0:00  \_ /usr/local/apache2/bin/httpd -DSSL -DTOMCAT -DPHP
  apache    2522  0.0  0.1 120520 5204 ?       S    14:19   0:00  \_ /usr/local/apache2/bin/httpd -DSSL -DTOMCAT -DPHP

b) Webspace file permissions have nothing to do with httpd.conf.
  They have everything to do with the OS.

  What you want is:

  WORLD

  Make sure the files in the website can be read by the user running the
  webserver (apache or httpd) -> make them world-readable, directories
  executable.

  Make sure the files in the website cannot be modified by the user running the
  webserver (apache or httpd) -> make them not world-writeable.

  GROUP

  You have a special group that can change stuff (group 33). All the stuff
  on the site should be owned by that group. The group must be able to
  read and write files and to read, write and execute directories.
  ADDITIONALLY, newly created files and directories need to 'inherit'
  the group ownership. Set the 'group setuid' bit on the directories
  (chmod g+s).

  Edit /etc/group and put all your user 1002 1003 1004 into that group
  (vigr). Users should be able to modify files and directories as these
  files and directories are writeable by group 33.

  However, suppose user 1003, primary group 1003, creates a new file.
  In that case, the file is owned by group 1003 instead of 33.
  Not good. So we have to set the 'setuid group' flag on the directories.
  That way, the directories transfer their group ownership to newly
  created child directories (quite a hack, eh?). That flag is inherited
  through a newly created directory hierarchy. Which is nice.

  Adding the directory 'setuid group' flag is done by:

  chmod g+s bar   (see the find command below)

  USER

  The owning user may be root, for example. It's not that important.
  Permissions may be rwx (but make sure you have no setuid root executables
  in there... :-P)

Commands:

  find /var/my/website -type f -exec chmod u=rw,g=rw,o=r '{}' ';'
  find /var/my/website -type d -exec chmod u=rwx,g=rwxs,o=rx '{}' ';'
  find /var/my/website -exec chown root:33 '{}' ';'
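To make the three commands above repeatable and to catch the cases the scheme is meant to prevent (world-writable content, a stray setuid file, a directory that lost its g+s bit), here is an added example of my own; it is not from the original post and not Apache project code. The web root path, the "htdocs" layout and the optional group argument are assumptions; the chgrp step is only attempted when you pass a group, since it needs privilege.

```shell
#!/bin/sh
# Added example (not from the original post): apply the file/directory scheme
# from the mail to a web root and verify it afterwards. The web root path and
# the group passed in are assumptions; substitute your own.

# apply_web_perms DIR [GROUP]
#   files       -> u=rw,g=rw,o=r    (0664: httpd can read, only the group can write)
#   directories -> u=rwx,g=rwxs,o=rx (2775: setgid so new entries inherit the group)
#   When GROUP is given the whole tree is also handed to that group (needs privilege).
apply_web_perms() {
    _root=$1
    _grp=$2
    find "$_root" -type f -exec chmod u=rw,g=rw,o=r '{}' + || return 1
    find "$_root" -type d -exec chmod u=rwx,g=rwxs,o=rx '{}' + || return 1
    if [ -n "$_grp" ]; then
        chgrp -R "$_grp" "$_root" || return 1
    fi
    return 0
}

# check_web_perms DIR
#   Returns 0 when the tree follows the scheme, 1 otherwise; each finding is printed.
check_web_perms() {
    _root=$1
    _rc=0
    # world-writable entries would let the non-root httpd user (or anyone) change content
    _hits=$(find "$_root" -perm -002 -print)
    if [ -n "$_hits" ]; then printf '%s\n' "$_hits" | sed 's/^/world-writable: /'; _rc=1; fi
    # setuid executables do not belong in a web root
    _hits=$(find "$_root" -type f -perm -4000 -print)
    if [ -n "$_hits" ]; then printf '%s\n' "$_hits" | sed 's/^/setuid file: /'; _rc=1; fi
    # every directory needs g+s, otherwise a user's primary group leaks onto new files
    _hits=$(find "$_root" -type d ! -perm -2000 -print)
    if [ -n "$_hits" ]; then printf '%s\n' "$_hits" | sed 's/^/directory without g+s: /'; _rc=1; fi
    # files must stay world-readable so the httpd user can serve them
    _hits=$(find "$_root" -type f ! -perm -004 -print)
    if [ -n "$_hits" ]; then printf '%s\n' "$_hits" | sed 's/^/not world-readable: /'; _rc=1; fi
    return $_rc
}

# setgid_inherited DIR
#   Creates a probe subdirectory under DIR and returns 0 if the new directory
#   inherited the setgid bit (Linux carries g+s down a tree); the probe is removed again.
setgid_inherited() {
    _probe="$1/.setgid_probe"
    mkdir "$_probe" || return 1
    if [ -g "$_probe" ]; then _ok=0; else _ok=1; fi
    rmdir "$_probe"
    return $_ok
}

# Demo on a constructed tree (assumed layout, not a real site); prints "ok" on success.
demo_web_perms() {
    _d=$(mktemp -d) || return 1
    mkdir -p "$_d/htdocs/img"
    echo '<h1>hello</h1>' > "$_d/htdocs/index.html"
    : > "$_d/htdocs/img/logo.png"
    chmod 600 "$_d/htdocs/index.html"   # deliberately wrong start: httpd could not read it
    chmod 777 "$_d/htdocs/img"          # deliberately wrong start: world-writable, no g+s
    apply_web_perms "$_d/htdocs" || return 1
    check_web_perms "$_d/htdocs" || return 1
    setgid_inherited "$_d/htdocs/img" || return 1
    rm -rf "$_d"
    echo ok
}

demo_web_perms
```

Run check_web_perms from cron or after every deploy; it is cheap and reports exactly the three things the mail warns about. The `-exec ... '{}' +` form batches paths into one chmod call instead of forking once per file, which matters on large trees.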



No guarantees on anything....

Good luck.

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
