[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re[2]: users in apache

I  saw  something  about  Apache 2.0 where is it possible to have only
user permission, I will look at it and try and send more...

Michal Novotny

9. dubna 2002 1:50:56, Craig Sanders <cas@taz.net.au> pise:

> On Mon, Apr 08, 2002 at 07:23:47PM +0200, Michal Novotny wrote:
>> Is it possible to run/switch apache to user defined by User directive?
>> Situation:
>> Apache running www-data.www-data
>> In home dirs users have their data (html etc.) with permission 600 and
>> with user.www-data
>> Now it is not possible to get any html (permission denied) ofcourse,
>> because of permissions, but I don't want to set it 660, because then
>> other user in that group can read/overwrite data/htmls.

> all files to be served by apache *MUST* be readable by user and/or group
> www-data.  all directories in the path to the files *MUST* be readable
> and executable by user and/or group www-data.

> this means that they should either be owned by www-data and at least
> mode 400 (or 500 for directories), or they should be in group www-data
> and at least 440 (or 550 for directories).  alternatively, files must be
> world-readable and directories must be world readable & executable.

> the default is for files to be owned by the user, and mode 644 and for
> directories to be owned by the user and mode 755.

> you don't have any choice in this.  if you want to serve pages, then the
> pages must be accessible by the apache process.  or, to put it another
> way, apache can't serve a file it doesn't have permission to access.

> for CGI scripts, you can use suexec (comes with apache) or cgiwrap
> (separate package) or similar program to make the script run as a
> particular user.  as a security precaution, both suexec and cgiwrap have
> quite strict policies on what they will run...but cgiwrap is more
> flexible.

> craig

To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: