Hello! Sorry, for answering to you as a PM and for giving you so late my reply! The problem has been solved and i wanted to thank you for your support,really appreciated! Also i wanted to thank you for the really good walkthrough(written with a good sense of humour ;) ),splendid advices! The only thing ,that i'm still missing is ,that the user(of that group:33) can't rename the file index.html(example:to index.htm or to index2.html),but replacing it with a new version of the file works wonderful using winSCP3. I have changed the group ownership of the folder containing the whole data for the html-site(every file has the group ownership(33)-rekursiv),the funny thing was, that before doing this ,only the root was the owner of that folder and root was the group owner.... If you have also good advices for books regarding apache webserver,i would be thankful ,if you let me know! Nice time and kindest regards! krassen David Tonhofer, m-plify S.A. schrieb: > --On Thursday, March 02, 2006 10:05 PM +0100 Krassen Deltchev > <deltchev@xxxxxxxxxxxxx> wrote: > >> Hello, >> >> i have a very odd problem: > > > Woah! Serious trouble, man (just joking but arm yourself with courage > to climb the learning curve...). And get a good book. > > Here's what you want to do: > > 1) Any apache-related stuff is often best asked in the apache > discussion group.. err here: > <http://httpd.apache.org/lists.html#http-users> > > 2) About the permissions question: > > a) Make sure apache is running non-root. What does ps faux show? > Something like this? Good. The apache user is configured in > httpd.conf > > root 25695 0.0 0.0 120016 1736 ? Ss Feb12 0:00 > /usr/local/apache2/bin/httpd -DSSL -DTOMCAT -DPHP > apache 18361 0.0 0.1 120392 5084 ? S Mar01 0:00 \_ > /usr/local/apache2/bin/httpd -DSSL -DTOMCAT -DPHP > apache 2411 0.0 0.1 120504 5156 ? S 14:19 0:00 \_ > /usr/local/apache2/bin/httpd -DSSL -DTOMCAT -DPHP > apache 2521 0.0 0.1 120544 5248 ? S 14:19 0:00 \_ > /usr/local/apache2/bin/httpd -DSSL -DTOMCAT -DPHP > apache 2522 0.0 0.1 120520 5204 ? S 14:19 0:00 \_ > /usr/local/apache2/bin/httpd -DSSL -DTOMCAT -DPHP > > b) Webspace file permission have nothing to do with httpd.conf > It has everything to do with the OS. > > What you want is: > > WORLD > > Make sure the files in the website can be read by the user running the > webserver (apache or httpd) -> make them world-readable, directories > executable. > > Make sure the files in the website cannot be modified by the user > running the > webserver (apache or httpd) -> make them not-world-writeable > > GROUP > > You have a special group that can change stuff (group 33). All the > stuff > on the site should be owned by that group. The group must be able to > read and write files and to read, write, execute directories. > ADDITIONALLY, newly created files and directories need to 'inherit' > the group ownership. Set the 'group setuid' bit on the directories. > (chmod g+s) > > Edit /etc/group and put all your user 1002 1003 1004 into that group > (vigr). Users should be able to modify files and directories as these > files and directories are writeable by group 33. > > However, suppose user 1003, primary group 1003, creates a new file. > In that case, the file is owned by group 1003 instead of 33. > Not good. So we have to set the 'setuid group' flags on the > directories. > That way, the directories transfer their group ownership to newly > created child directories (quite a hack, eh?) That flag is inherited > through a newly created directory hierarchy. Which is nice. > > Adding the directory 'setuid group' flag is done by: > > chmod g+s bar (see the find command below) > > USER > > The owning user may be root for example. It's not that important. > Permissions may be rwx (but make sure you have no setuid root > executables > in there... :-P > > Commands: > > find /var/my/website -type f -exec chmod u=rw,g=rw,o=r '{}' ';' > find /var/my/website -type d -exec chmod u=rwx,g=rwxs,o=rx '{}' ';' > find /var/my/website -exec chown root.33 '{}' ';' > > > > No guarantees on anything.... > > Good luck. > -- ---- Krassen Deltchev Ruhr-Universität Bochum Medizinische Fakultät Institut für Physiologie Abteilung für Neurophysiologie MA 4-155 Universitätsstrasse 150 44801 Bochum e-mail: deltchev@xxxxxxxxxxxxx Krassen.Deltchev@xxxxxx tel.work: 0234.32.24918 -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list