[users@httpd] Apache SuexecUserGroup and group permissions

2019-01-09 Thread Dave Wreski

Hi,

I'm having trouble with permissions and ownership on a fedora28 system 
with apache-2.4 and joomla-3.9. I'd like to be able to have only the 
minimal number of files necessary to be owned by apache and have an 
ssh/sftp user have access to read and write every file in the document root.


I'm trying to address three issues:

- Provide ability for ssh/sftp users to write files within the document
  root

- Provide apache with only the minimal ability necessary to write/delete
  files, while not being restricted from reading.

- Provide joomla with the ability to write and access files as part of
  its normal operation


I've loaded mod_suexec and enabled it with "Suexec on" and configured 
SuexecUserGroup to the name of the ssh/sftp user:


   SuexecUserGroup ftpuser ftpuser

I understood this to mean that, while apache is running as user 
"apache", any writes to the document root would be made as "ftpuser", 
but that does not appear to be the case.


Installing joomla modules still fails because it can't write to some 
core joomla directories such as ./administrator/cache.


What is the solution to restrict write access by apache to reduce the 
chances of some kind of privilege escalation attack should there be an 
apache vulnerability, yet provide regular ftp/sftp users with the 
ability to write changes as well as joomla itself have the ability to 
operate?


Thanks,
Dave


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] ErrorDocument with URL containing URL encoded chars

2019-01-09 Thread Dan Ehrlich
Not surprising that you got different behavior after removing a value from
.htaccess and placing it elsewhere.

No one knows exactly / 100% how .htaccess works. The file only exists
because they wanted to maintain backwards compatibility with the web server
that used to come with Mosaic at University of Illinois in the mid-90's.
That server, called NCSA, had a requirement for directory level config
files.

Funny enough this is where the name Apache comes from...it was basically a
collection of patches / a very "patchy" together web server

Sorry I couldn't be of more help:

https://en.wikipedia.org/wiki/NCSA_HTTPd

https://www.askapache.com/htaccess/



On Wed, Jan 9, 2019 at 2:48 AM Hajo Locke wrote:

> Hello List,
>
> I have an interesting problem here.
> I have a .htaccess with ErrorDocument containing text to be displayed:
>
> ErrorDocument 404 "not existing"
>
> This works with standard URLs like http://example.com/fubar.htm
> I get response 404 and the text displayed in the browser is correct.
>
> Now I try URLs like this: http://example.com/%2ffubar
> The URL-encoded part of the URL seems to be a problem for ErrorDocument. I
> still get the 404 response, but the displayed text has changed.
> In place of "not existing" Apache answers with "The requested URL
> //fubar was not found on this server."
> So Apache is decoding $2f to / and uses the decoded URL for the response
> text in place of "not existing".
>
> I get a change of behaviour if I put the ErrorDocument directive directly
> into the vhost instead of .htaccess.
> In this case the ErrorDocument works as expected, also with URLs
> with URL-encoded parts.
>
> The behaviour is the same in Apache 2.2 and 2.4.
> What is the problem here and how can it be solved?
>
> Thanks,
> Hajo


Re: [users@httpd] ErrorDocument with URL containing URL encoded chars

2019-01-09 Thread Hajo Locke

Hello,

On 09.01.2019 at 09:48, Hajo Locke wrote:

> Hello List,
>
> I have an interesting problem here.
> I have a .htaccess with ErrorDocument containing text to be displayed:
>
> ErrorDocument 404 "not existing"
>
> This works with standard URLs like http://example.com/fubar.htm
> I get response 404 and the text displayed in the browser is correct.
>
> Now I try URLs like this: http://example.com/%2ffubar
> The URL-encoded part of the URL seems to be a problem for ErrorDocument. I
> still get the 404 response, but the displayed text has changed.
> In place of "not existing" Apache answers with "The requested URL
> //fubar was not found on this server."
> So Apache is decoding $2f to / and uses the decoded URL for the response
> text in place of "not existing".
>
> I get a change of behaviour if I put the ErrorDocument directive
> directly into the vhost instead of .htaccess.
> In this case the ErrorDocument works as expected, also with URLs
> with URL-encoded parts.
>
> The behaviour is the same in Apache 2.2 and 2.4.
> What is the problem here and how can it be solved?

We solved it with the directive AllowEncodedSlashes.

> Thanks,
> Hajo




Thanks,
Hajo

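An added configuration sketch for the fix named in the reply above; it is not part of the thread. Per the httpd documentation, with the default `AllowEncodedSlashes Off` a URL whose path contains `%2F` is refused with a 404. The reply does not say which value was used, so `NoDecode`, the server name and the paths below are assumptions.

```apache
# Constructed example: ServerName and DocumentRoot are placeholders.
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot "/var/www/example"

    # Default is Off: a request path containing %2F (or %5C on systems
    # where backslash is a path separator) is refused with a 404.
    # NoDecode accepts such URLs but leaves %2F encoded instead of
    # turning it into "/". On would decode it; the httpd documentation
    # recommends NoDecode when encoded slashes must be allowed.
    AllowEncodedSlashes NoDecode

    # Server-level custom 404 text, matching the variant the thread
    # reports as working when set in the vhost.
    ErrorDocument 404 "not existing"

    <Directory "/var/www/example">
        # ErrorDocument in .htaccess requires the FileInfo override.
        AllowOverride FileInfo
        Require all granted
    </Directory>
</VirtualHost>
```

`AllowEncodedSlashes` is valid only in server config and virtual host context, so it cannot be set from `.htaccess` itself.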



[users@httpd] ErrorDocument with URL containing URL encoded chars

2019-01-09 Thread Hajo Locke

Hello List,

I have an interesting problem here.
I have a .htaccess with ErrorDocument containing text to be displayed:

ErrorDocument 404 "not existing"

This works with standard URLs like http://example.com/fubar.htm
I get response 404 and the text displayed in the browser is correct.

Now I try URLs like this: http://example.com/%2ffubar
The URL-encoded part of the URL seems to be a problem for ErrorDocument. I
still get the 404 response, but the displayed text has changed.
In place of "not existing" Apache answers with "The requested URL
//fubar was not found on this server."
So Apache is decoding $2f to / and uses the decoded URL for the response
text in place of "not existing".

I get a change of behaviour if I put the ErrorDocument directive directly
into the vhost instead of .htaccess.
In this case the ErrorDocument works as expected, also with URLs
with URL-encoded parts.

The behaviour is the same in Apache 2.2 and 2.4.
What is the problem here and how can it be solved?

Thanks,
Hajo
