Re: apache permission problem please help
Apache (propably) runs as the 'www' user and group. So each file (and path) needs to be readable by -> the www group OR the www users must be a member of the group of the diretory OR the world And each directory needs the 'x' access flag set. See the man pages for chmod, chown and chgrp for more details Example: drwxr-xr-x 10 dirkx staff512 Nov 12 2003 swad -rw-r--r-- 1 dirkx staff 711332 Sep 24 2003 tabellenWADI.pdf Can be seen by www (world readable and directory has x) drwxr-x-- 10 dirkx staff512 Nov 12 2003 swad -rw-r 1 dirkx staff 711332 Sep 24 2003 tabellenWADI.pdf Cannot be seen by www UNLESS www is a member of 'staff' (i.e. www is in the staff line in /etc/group). drwx 10 dirkx staff512 Nov 12 2003 swad -rw- 1 dirkx staff 711332 Sep 24 2003 tabellenWADI.pdf Can never be seen by the web server as it runs as 'www'. Note that the web server needs to traverse the entire path; so for a file ro dir /home/dirkx/public_html/index.html check: / /home /home/dirkx /home/dirkx/pulic_html for an x in world/other or the right group and the file /home/dirkx/public_html/index.html for read. If you want something different read the manual of apache, and in particular the SUID mode. See also the FAQ of apache. Dw. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: apache permission problem please help
Ok as anyone reading this thread knows i have huge mess on hands. Have found that if i set the all the users dir to 701 chmod -R 701 home then go into each users home directory and set the the www directory to 751 cd /home/user chmod -R 751 www then change the group permissions of this folder to www chown -R :www www apache works again This is all great but what a pain there must be an easier way as i have many users and do not want to go through this process for all of them. This seems like a secure method i think or would the /usr/local/www/user with a symlink be more secure. I run a stock freebsd system and do not really what users poking around have heard about chrooting as an another option for this I am very confused need some guidance. side note I also have all my users in one directory and it is getting large would like to move some of them into new directories like maybe webclients and mailclients but i moved one and had to modify the permissions all over again and update the password database and oh what a nightmare will take me days. Nathan Kinkade wrote: On Tue, Aug 24, 2004 at 03:09:04PM -0600, RYAN vAN GINNEKEN wrote: SEE ERROR BELOW Was playing with permissions on my home dirs last night and changed everything to chmod 700 had some problem with users looking at and copying other users webpages. I have a directory in each users home dir named www where they keep there web files ie /usr/home/username/www so i guess when i changed everything to 700 apache was unable to use these files. Now i have tried the best i can to change everything back set to chmod to 655 and even tried moving a site to /usr/local/www/username in hope that apache could read it there but no luck what has happened please help. Wait now things have started to work, for the web site that i moved to /usr/local/www/username. There seems to be some lag after i make changes to the permissions and restart apache is this possible. I have a real mess on my hands now guess i will have to play with permissions and modes now to get all the sites backup. How do i set up home directories that are secure for each user ie other users on the system cannot read them but apache can. Should i move all web pages to the /usr/local/www dir. Also is there some way to automate this so that when i create a new user or modify a file things will work correctly. Have been using UNIX for many years finally got up the courage to play with modes and perms. Guess i shot myself in the foot like i have been warned about by many people and docs. A better approach would be to set each users home dir itself to 700 permissions, not necessarily all the files and directories in each users dir. Are you using a httpd.conf directive such as to allow users to publish files from their home dir, or are you putting sym links in the web root? Nathan I am using the home directory no symlinks ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: apache permission problem please help
On Tue, Aug 24, 2004 at 03:09:04PM -0600, RYAN vAN GINNEKEN wrote: > SEE ERROR BELOW > > Was playing with permissions on my home dirs last night and changed > everything to chmod 700 had some problem with users looking at and > copying other users webpages. I have a directory in each users home > dir named www where they keep there web files ie > /usr/home/username/www so i guess when i changed everything to 700 > apache was unable to use these files. > > Now i have tried the best i can to change everything back set to > chmod to 655 and even tried moving a site to /usr/local/www/username > in hope that apache could read it there but no luck what has happened > please help. > > Wait now things have started to work, for the web site that i moved to > /usr/local/www/username. There seems to be some lag after i make > changes to the permissions and restart apache is this possible. > > I have a real mess on my hands now guess i will have to play with > permissions and modes now to get all the sites backup. How do i set > up home directories that are secure for each user ie other users on > the system cannot read them but apache can. Should i move all web > pages to the /usr/local/www dir. Also is there some way to automate > this so that when i create a new user or modify a file things will > work correctly. Have been using UNIX for many years finally got up > the courage to play with modes and perms. Guess i shot myself in the > foot like i have been warned about by many people and docs. A better approach would be to set each users home dir itself to 700 permissions, not necessarily all the files and directories in each users dir. Are you using a httpd.conf directive such as to allow users to publish files from their home dir, or are you putting sym links in the web root? Nathan -- PGP Public Key: pgp.mit.edu:11371/pks/lookup?op=get&search=0xD8527E49 pgp8QHJ10Aiig.pgp Description: PGP signature
apache permission problem please help
SEE ERROR BELOW Was playing with permissions on my home dirs last night and changed everything to chmod 700 had some problem with users looking at and copying other users webpages. I have a directory in each users home dir named www where they keep there web files ie /usr/home/username/www so i guess when i changed everything to 700 apache was unable to use these files. Now i have tried the best i can to change everything back set to chmod to 655 and even tried moving a site to /usr/local/www/username in hope that apache could read it there but no luck what has happened please help. Wait now things have started to work, for the web site that i moved to /usr/local/www/username. There seems to be some lag after i make changes to the permissions and restart apache is this possible. I have a real mess on my hands now guess i will have to play with permissions and modes now to get all the sites backup. How do i set up home directories that are secure for each user ie other users on the system cannot read them but apache can. Should i move all web pages to the /usr/local/www dir. Also is there some way to automate this so that when i create a new user or modify a file things will work correctly. Have been using UNIX for many years finally got up the courage to play with modes and perms. Guess i shot myself in the foot like i have been warned about by many people and docs. PLEASE HELP Forbidden You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. Apache/2.0.49 (Unix) PHP/4.3.5 mod_ssl/2.0.49 OpenSSL/0.9.7d Server at v2.computerking.ca Port 80 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
apache permission problem please help
SEE ERROR BELOW Was playing with permissions on my home dirs last night and changed everything to chmod 700 had some problem with users looking at and copying other users webpages. I have a directory in each users home dir named www where they keep there web files ie /usr/home/username/www so i guess when i changed everything to 700 apache was unable to use these files. Now i have tried the best i can to change everything back set to chmod to 655 and even tried moving a site to /usr/local/www/username in hope that apache could read it there but no luck what has happened please help. Wait now things have started to work, for the web site that i moved to /usr/local/www/username. There seems to be some lag after i make changes to the permissions and restart apache is this possible. I have a real mess on my hands now guess i will have to play with permissions and modes now to get all the sites backup. How do i set up home directories that are secure for each user ie other users on the system cannot read them but apache can. Should i move all web pages to the /usr/local/www dir. Also is there some way to automate this so that when i create a new user or modify a file things will work correctly. Have been using UNIX for many years finally got up the courage to play with modes and perms. Guess i shot myself in the foot like i have been warned about by many people and docs. PLEASE HELP Forbidden You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. Apache/2.0.49 (Unix) PHP/4.3.5 mod_ssl/2.0.49 OpenSSL/0.9.7d Server at v2.computerking.ca Port 80 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
