[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: privileges problem

On Saturday 23 June 2001 14:40, :yegon wrote:
> while configuring dynamic virtual hosting (with mod_vhost_alias) on a
> new server i ran into this problem
> i create a new group named g(username) for each new virtual web, I set
> all user files to chmod 640 to avoid them to be read by another user
> my apache server runs as www-data so i need to add user www-data to
> each virtual web group to be able to serve its documents

Supplementary groups are only read by login, su, and other programs that 
change UID etc.  They can only be changed by a root process so once the 
program is running as UID != 0 it can't be changed.

> this all works fine but
> when I create a new virtual web, that means a new group, user and home
> directory and try to access its documents via http I get this error in
> the apache error.log
> is there a way to somehow refresh this info for the running process
> without restarting it?


> do you have another suggestion?

Why do you need to have a separate GID for each web space?  Why not just 
have the files owned by the GID for Apache and the UID for the user?

Another solution would be to make all the files owned by the UID of 
Apache and the GID of the user and mode 660...

http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page

Reply to: