Re: [EMAIL PROTECTED] Problem setting up mod_alias for an external folder
On Dec 12, 2005, at 9:46 PM, Joshua Slive wrote: The Alias is entirely separate. That is what tells apache *where* to find the file. What you need is to have it setup such that, if you where to login as the User/Group specified in httpd.conf, you would be able to access the relevant files. How you do that depends on your setup. Very good. Thanks for you help/patience. Ken - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Problem setting up mod_alias for an external folder
On 12/12/05, Ken Tozier <[EMAIL PROTECTED]> wrote: > > On Dec 12, 2005, at 9:33 AM, Joshua Slive wrote: > > > Apache processes are treated like any other user; well, in fact, a > > particular user: the one specified in the User/Group directives in > > httpd.conf. If this User/Group can access the files using ordinary > > filesystem permissions, then apache can access them. > > OK. I think it *might* be sinking in. > > So basically, all I need to do, is ask the the Windows server IT guys > to add user "www" to the group that can access the photos folder in > question? And Apache will be able to serve photos from that folder? > Would I still need to define an alias in the mod_alias section of the > httpd.conf file? The Alias is entirely separate. That is what tells apache *where* to find the file. What you need is to have it setup such that, if you where to login as the User/Group specified in httpd.conf, you would be able to access the relevant files. How you do that depends on your setup. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Problem setting up mod_alias for an external folder
On Dec 12, 2005, at 9:33 AM, Joshua Slive wrote: Apache processes are treated like any other user; well, in fact, a particular user: the one specified in the User/Group directives in httpd.conf. If this User/Group can access the files using ordinary filesystem permissions, then apache can access them. OK. I think it *might* be sinking in. So basically, all I need to do, is ask the the Windows server IT guys to add user "www" to the group that can access the photos folder in question? And Apache will be able to serve photos from that folder? Would I still need to define an alias in the mod_alias section of the httpd.conf file? Ken - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Problem setting up mod_alias for an external folder
On 12/11/05, Ken Tozier <[EMAIL PROTECTED]> wrote: > > On Dec 11, 2005, at 8:12 PM, Joshua Slive wrote: > > By "exposing the entire hierarchy" do you mean giving file-system > > search permissions (chmod +x)? If so, no, you can't work around this > > in apache. It has nothing to do with apache. It is the file-system > > that is denying access. If apache can't get to the directory, there > > is no way to serve the files. > > I guess the confusion on my part is: Why isn't it possible to just > treat the Apache process as you would any other user? Add Apache > process x from machine y to group z that is allowed see a specified > folder? Instead, we're forced to redefining the permissions of every > directory in the path just so Apache can see it. The permissions are > already set up the way we want them re group access and in the > overall scheme of things Apache should be just another user logged > into the server. Apache processes are treated like any other user; well, in fact, a particular user: the one specified in the User/Group directives in httpd.conf. If this User/Group can access the files using ordinary filesystem permissions, then apache can access them. > The mechanics of coercing a resource URL into a file system path are > trivial. With a correctly formatted path string in hand, just send a > file open to the underlying file system. If you get a valid file > handle back, great you have permission. If not you don't. No need to > go through all this directory permission redefinition business. If the apache User/Group doesn't have search permissions on the directories leading to the file in question, then the "file open to the underlying file system" will fail. This is an OS/filesystem issue, and not an apache issue, as I've mentioned. Perhaps you missed one thing: you don't necessarily need to give wide-open +x permission to everyone; you can give it only to the specific User/Group specified in httpd.conf. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Problem setting up mod_alias for an external folder
On Dec 11, 2005, at 8:12 PM, Joshua Slive wrote: By "exposing the entire hierarchy" do you mean giving file-system search permissions (chmod +x)? If so, no, you can't work around this in apache. It has nothing to do with apache. It is the file-system that is denying access. If apache can't get to the directory, there is no way to serve the files. I guess the confusion on my part is: Why isn't it possible to just treat the Apache process as you would any other user? Add Apache process x from machine y to group z that is allowed see a specified folder? Instead, we're forced to redefining the permissions of every directory in the path just so Apache can see it. The permissions are already set up the way we want them re group access and in the overall scheme of things Apache should be just another user logged into the server. The mechanics of coercing a resource URL into a file system path are trivial. With a correctly formatted path string in hand, just send a file open to the underlying file system. If you get a valid file handle back, great you have permission. If not you don't. No need to go through all this directory permission redefinition business. Ken - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Problem setting up mod_alias for an external folder
On 12/11/05, Ken Tozier <[EMAIL PROTECTED]> wrote: > On Dec 11, 2005, at 1:17 PM, Joshua Slive wrote: > > > > On 12/11/05, Ken Tozier <[EMAIL PROTECTED]> wrote: > > > > > >> Then when I type 'localhost/images/' or '127.0.0.1/images/' into a > >> Safari or Firefox address bar, I get: > >> "Forbidden > >> > >> You don't have permission to access /images/ on this server. > >> > >> Apache/1.3.33 Server at mycomputer.local Port 80" > >> > >> Does anyone know whether Mac OS Tiger has some additional settings > >> somewhere that need to be changed to allow the above to work? > >> > > > > Start here: > > http://httpd.apache.org/docs/1.3/misc/FAQ.html#forbidden > > > > Well that works on my test machine. Unfortunately, in the actual > application, what I need to do is point Apache to an existing > directory on a production server which contains the images I need to > use. Moving or copying the tens of thousands of images to the Web > server isn't an option. Installing another copy of Apache on the > production server isn't an option and opening up the permissions of > the entire production server hierarchy to the world isn't an option. > > Is there no way to target a specific folder without exposing the > entire hierarchy it exists in? Could this be worked around with a > custom module? By "exposing the entire hierarchy" do you mean giving file-system search permissions (chmod +x)? If so, no, you can't work around this in apache. It has nothing to do with apache. It is the file-system that is denying access. If apache can't get to the directory, there is no way to serve the files. In general, giving careful search permissions on the tree while restricting read permissions should be perfectly safe in most circumstances. A possible alternative might be to do some fancy file-system tricks like remounting that particular directory in its own spot that isn't so tightly protected. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Problem setting up mod_alias for an external folder
On Dec 11, 2005, at 1:17 PM, Joshua Slive wrote: On 12/11/05, Ken Tozier <[EMAIL PROTECTED]> wrote: Then when I type 'localhost/images/' or '127.0.0.1/images/' into a Safari or Firefox address bar, I get: "Forbidden You don't have permission to access /images/ on this server. Apache/1.3.33 Server at mycomputer.local Port 80" Does anyone know whether Mac OS Tiger has some additional settings somewhere that need to be changed to allow the above to work? Start here: http://httpd.apache.org/docs/1.3/misc/FAQ.html#forbidden Well that works on my test machine. Unfortunately, in the actual application, what I need to do is point Apache to an existing directory on a production server which contains the images I need to use. Moving or copying the tens of thousands of images to the Web server isn't an option. Installing another copy of Apache on the production server isn't an option and opening up the permissions of the entire production server hierarchy to the world isn't an option. Is there no way to target a specific folder without exposing the entire hierarchy it exists in? Could this be worked around with a custom module? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Problem setting up mod_alias for an external folder
On Dec 11, 2005, at 1:17 PM, Joshua Slive wrote: On 12/11/05, Ken Tozier <[EMAIL PROTECTED]> wrote: Then when I type 'localhost/images/' or '127.0.0.1/images/' into a Safari or Firefox address bar, I get: "Forbidden You don't have permission to access /images/ on this server. Apache/1.3.33 Server at mycomputer.local Port 80" Does anyone know whether Mac OS Tiger has some additional settings somewhere that need to be changed to allow the above to work? Start here: http://httpd.apache.org/docs/1.3/misc/FAQ.html#forbidden Well that works on my test machine. Unfortunately, in the actual application, what I need to do is point Apache to an existing directory on a production server which contains the images I need to use. Moving or copying the tens of thousands of images to the Web server isn't an option. Installing another copy of Apache on the production server isn't an option and opening up the permissions of the entire production server hierarchy to the world isn't an option. Is there no way to target a specific folder without exposing the entire hierarchy it exists in? Could this be worked around with a custom module? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Problem setting up mod_alias for an external folder
On 12/11/05, Ken Tozier <[EMAIL PROTECTED]> wrote: > Then when I type 'localhost/images/' or '127.0.0.1/images/' into a > Safari or Firefox address bar, I get: > "Forbidden > > You don't have permission to access /images/ on this server. > > Apache/1.3.33 Server at mycomputer.local Port 80" > > Does anyone know whether Mac OS Tiger has some additional settings > somewhere that need to be changed to allow the above to work? Start here: http://httpd.apache.org/docs/1.3/misc/FAQ.html#forbidden Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Problem setting up mod_alias for an external folder
Hi all I'm a complete Apache noob and am having no luck getting an addition to the mod_alias section of my httpd.conf file working. I found and followed a tutorial here: http://www.macdevcenter.com/pub/a/mac/ 2003/05/16/web_files.html but it didn't work. Here's what I added to httpd.conf: Alias /images/ "/Users/mycomputer/Desktop/pmsnapshots/" Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all Next I set the permissions on the target folder to group->www readonly Then when I type 'localhost/images/' or '127.0.0.1/images/' into a Safari or Firefox address bar, I get: "Forbidden You don't have permission to access /images/ on this server. Apache/1.3.33 Server at mycomputer.local Port 80" Does anyone know whether Mac OS Tiger has some additional settings somewhere that need to be changed to allow the above to work? Thanks for any help Ken - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]