Re[2]: users in apache
I saw something about Apache 2.0 where is it possible to have only
user permission, I will look at it and try and send more...
Regards
Michal Novotny
9. dubna 2002 1:50:56, Craig Sanders <cas@taz.net.au> pise:
> On Mon, Apr 08, 2002 at 07:23:47PM +0200, Michal Novotny wrote:
>> Is it possible to run/switch apache to user defined by User directive?
>>
>> Situation:
>> Apache running www-data.www-data
>> In home dirs users have their data (html etc.) with permission 600 and
>> with user.www-data
>> Now it is not possible to get any html (permission denied) ofcourse,
>> because of permissions, but I don't want to set it 660, because then
>> other user in that group can read/overwrite data/htmls.
> all files to be served by apache *MUST* be readable by user and/or group
> www-data. all directories in the path to the files *MUST* be readable
> and executable by user and/or group www-data.
> this means that they should either be owned by www-data and at least
> mode 400 (or 500 for directories), or they should be in group www-data
> and at least 440 (or 550 for directories). alternatively, files must be
> world-readable and directories must be world readable & executable.
> the default is for files to be owned by the user, and mode 644 and for
> directories to be owned by the user and mode 755.
> you don't have any choice in this. if you want to serve pages, then the
> pages must be accessible by the apache process. or, to put it another
> way, apache can't serve a file it doesn't have permission to access.
> for CGI scripts, you can use suexec (comes with apache) or cgiwrap
> (separate package) or similar program to make the script run as a
> particular user. as a security precaution, both suexec and cgiwrap have
> quite strict policies on what they will run...but cgiwrap is more
> flexible.
> craig
--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: