  #1  
21st July 2008, 22:09
Carlo Gambino
file permission security worries

I wasn't sure if I should make this a new thread, apologies if not.

The mention of file permission security came up while I'm working to configure my server. Currently, Apache looks for web files in /var/www which is owned by user and group root. The only other user set up on the machine currently is called administrator, and will only be used during setup and repair of the server.

I presume it's more secure to chown the directory than to add more users to the root group?

This would not change Apache's view of the files it's serving; it would simply change the permission of which users are able to do what to the files, right?
  #2  
22nd July 2008, 09:55
topdog

You can have the files owned by the apache user if you want. Why would you want to give users root group permissions?
  #3  
22nd July 2008, 12:02
ralic

As a starting point, let's assume you plan to add multiple users to your server and each will have a home dir of /home/user1 /home/user2 etc. Let's further assume that their web page will be http://yourserver/user1 http://yourserver/user2 etc.

Within each home dir, you can create a www dir, so the path to the user's web site in the filesystem would be /home/user1/www/. In this dir the user can create their web pages.

From the sysadmin perspective you would need to create a config file for the user in the apache configuration area /etc/apache2/conf.d. Probably a good idea to create a template file that you can copy to a file with the name of the user and further customise. As a minimum you would probably want:
Code:
Alias /user1/ /home/user1/www/
<Directory /home/user1/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
Reload postfix for it to become active:
Code:
sudo /etc/init.d/apache2 reload
Put a basic index.html in /home/user1/www and visit http://yourserver/user1 to see it.

If each user has their own domain name or you're planning on something like http://user1.server.name then you need to go for virtualhosts, which is not very different. Create a config file for the user in the apache configuration area /etc/apache2/sites-available. Again, at a minimum:
Code:
<VirtualHost *>
Servername user1.server.name
DocumentRoot /home/user1/www
#
ErrorLog /var/log/apache2/user1-error.log
CustomLog /var/log/apache2/user1-access.log combined
#
Alias /user1/ /home/user1/www/
<Directory /home/user1/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
</VirtualHost>
The virtualhost site must be enabled. Substitute user1 below for the name of the file in /etc/apache2/sites-available:
Code:
sudo a2ensite user1
Use a2dissite to disable them. Don't forget to reload apache to make the site available.

Also don't forget to set up the DNS entries if you plan to use virtualhosts.

This should let you achieve the objective without needing to worry about file permissions or messing around in /var/www.
Of course, this is all just a quick hack to show you what can be done. You must review the apache docs to make sure that you secure your system properly and that you don't inadvertently open any security holes into it.
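Added example, not part of the post above: with `Options Indexes FollowSymLinks` on a docroot the user controls, Apache serves whatever a symlink there points to if the Apache user can read it, so two things worth checking in /home/user1/www are world-writable paths and symlinks that resolve outside the docroot. The function names are this example's own, and it assumes `find` plus a `readlink` that supports `-f`.

```shell
#!/usr/bin/env bash
# Added example: audit a per-user docroot such as /home/user1/www.

# Print files and directories under $1 that any local user can modify.
# Symlinks are excluded on purpose: their own mode bits are always 777.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Print "link -> target" for each symlink under $1 that resolves to a
# path outside the docroot (which FollowSymLinks would let Apache serve).
escaping_symlinks() {
    local root link target
    root=$(readlink -f "$1") || return 1
    find "$root" -type l -print | while IFS= read -r link; do
        target=$(readlink -f "$link") || continue   # unresolvable link
        case "$target" in
            "$root"|"$root"/*) ;;                   # stays inside docroot
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Print all findings; return 0 if the docroot is clean, 1 otherwise.
audit_docroot() {
    local findings
    findings=$( { world_writable "$1"; escaping_symlinks "$1"; } )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: ./audit.sh /home/user1/www
if [ -n "${1:-}" ]; then
    audit_docroot "$1"
fi
```

A non-zero exit status makes it easy to run per user from cron and alert on findings.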
  #4  
22nd July 2008, 12:08
topdog

You could just use
Code:
UserDir www
  #5  
22nd July 2008, 19:42
ralic

Quote:
Originally Posted by topdog
You could just use
Code:
UserDir www
That's where experience counts. I'm glad there's already a built-in shortcut.
  #6  
23rd July 2008, 00:14
Carlo Gambino

Thanks again for the input! I think the way to go will be via virtualhosts. Currently, I am only doing this to learn, but I'd like to be hosting a few sites live, and I presume this would be the most secure option.