Date: Wed, 25 Aug 2004 03:13:49 -0600 From: RYAN vAN GINNEKEN <maillist@computerking.ca> To: freebsd-questions@freebsd.org Subject: Re: apache permission problem please help Message-ID: <412C584D.6030701@computerking.ca> In-Reply-To: <20040824221637.GP3767@gentoo-npk.bmp.ub> References: <412BAE70.4080402@computerking.ca> <20040824221637.GP3767@gentoo-npk.bmp.ub>
next in thread | previous in thread | raw e-mail | index | archive | help
Ok as anyone reading this thread knows i have huge mess on hands. Have found that if i set the all the users dir to 701 chmod -R 701 home then go into each users home directory and set the the www directory to 751 cd /home/user chmod -R 751 www then change the group permissions of this folder to www chown -R :www www apache works again This is all great but what a pain there must be an easier way as i have many users and do not want to go through this process for all of them. This seems like a secure method i think or would the /usr/local/www/user with a symlink be more secure. I run a stock freebsd system and do not really what users poking around have heard about chrooting as an another option for this I am very confused need some guidance. side note I also have all my users in one directory and it is getting large would like to move some of them into new directories like maybe webclients and mailclients but i moved one and had to modify the permissions all over again and update the password database and oh what a nightmare will take me days. Nathan Kinkade wrote: >On Tue, Aug 24, 2004 at 03:09:04PM -0600, RYAN vAN GINNEKEN wrote: > > >>SEE ERROR BELOW >> >>Was playing with permissions on my home dirs last night and changed >>everything to chmod 700 had some problem with users looking at and >>copying other users webpages. I have a directory in each users home >>dir named www where they keep there web files ie >>/usr/home/username/www so i guess when i changed everything to 700 >>apache was unable to use these files. >> >>Now i have tried the best i can to change everything back set to >>chmod to 655 and even tried moving a site to /usr/local/www/username >>in hope that apache could read it there but no luck what has happened >>please help. >> >>Wait now things have started to work, for the web site that i moved to >>/usr/local/www/username. There seems to be some lag after i make >>changes to the permissions and restart apache is this possible. >> >>I have a real mess on my hands now guess i will have to play with >>permissions and modes now to get all the sites backup. How do i set >>up home directories that are secure for each user ie other users on >>the system cannot read them but apache can. Should i move all web >>pages to the /usr/local/www dir. Also is there some way to automate >>this so that when i create a new user or modify a file things will >>work correctly. Have been using UNIX for many years finally got up >>the courage to play with modes and perms. Guess i shot myself in the >>foot like i have been warned about by many people and docs. >> >> ><snip> > >A better approach would be to set each users home dir itself to 700 >permissions, not necessarily all the files and directories in each users >dir. Are you using a httpd.conf directive such as ><Directory /home/*/public_html> to allow users to publish files from >their home dir, or are you putting sym links in the web root? > >Nathan > > I am using the home directory no symlinks
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?412C584D.6030701>