PHWinfo - Afficher un message

22/01/2008, 00h39

D. Stussy wrote:
> "Jeff" <jeff@spam_me_not.com> wrote in message
> news:13p8l7s99rfcgf7@corp.supernews.com...
>> D. Stussy wrote:
>>> "Jeff" <jeff@spam_me_not.com> wrote in message
>>> news:13p6u38b2g5ip6f@corp.supernews.com...
>>>> I have a server with shell and WebMin access.
>>>>
>>>> I understand the directives in the virtual host section. What I
> don't
>>>> understand is how to set up ownership of the directories, I'll be
>>>> running perl scripts from a cgi-bin
>>>>
>>>> /var/www/vhosts/some_domain/cgi-bin/ cgi-bin
>>>> /var/www/vhosts/some_domain/httpdocs/ web root
>>>>
>>>> If someone could either give me step by step instructions (or point me
>>>> at a resource) of how to create the user and set up ownerships and
>>>> permissions I'd be very grateful. I'd like scripts to run from the
>>>> cgi-bin to have read/write access to the cgi-bin and webroot, but not
>>>> below (toward the root).
>>>>
>>>> I've done a great deal of reading but I just get a snippet here and
>>>> there of how to do this, and when I put all that discombobulated
>>>> knowledge into action it's a mess!
>>>>
>>>> I didn't see a more suited group, point me at one if you can't
>>> here.
>>>
>>> Assuming unix-type OS:
>> Yes.
>>
>>> Ownership: The person controlling the resources should be the owner.
>>> Typically, they get RW or RWX access.
>>> Group: I usually set web page directories to the group that apache runs
> as.
>>> Access is typically R or RX.
>>> Others: If apache is using group access, I set access by others to
> none.
>>> Otherwise, set this as R or RX.
>> Here is what I've done. I've created a user and a group:
>> my_domain_owner and I've done this:
>>
>> chown my_domain_owner.my_domain_owner /var/www/hosts/my_domain
>>
>> Then I've made apache a member of the my_domain_owner group, that seemed
>> to fix the script write permissions.
>>
>> Is there a downside to doing it this way if I keep the cgi-bin at 755
>> and the document root at 644?
>
> Note that what you did is different than what I suggested:
>
> CHOWN -R domain_owner.apache_group /var/www/....

This is the first thing that's made sense to me!

If I FTP a file, I take it that file will be owned by the user. What
group will it belong to? Will it be Apache?

If I use a script to write a file, will that file then be in the
Apache group but owned by the domain owner?

I'm thinking that the way you suggest will get rid of all this making
users part of group nonsense to get the scripts to write.

I think I'll set up a new virtual domain and give it a whirl.

Jeff

>
> With apache's group in use, "750" and "640" will protect the files from
> OTHER USERS on your system.
>
>

22/01/2008, 00h39	#5
Jeff Messages: n/a Hébergeur:	Re: Newbie Virtual host questions D. Stussy wrote: > "Jeff" <jeff@spam_me_not.com> wrote in message > news:13p8l7s99rfcgf7@corp.supernews.com... >> D. Stussy wrote: >>> "Jeff" <jeff@spam_me_not.com> wrote in message >>> news:13p6u38b2g5ip6f@corp.supernews.com... >>>> I have a server with shell and WebMin access. >>>> >>>> I understand the directives in the virtual host section. What I > don't >>>> understand is how to set up ownership of the directories, I'll be >>>> running perl scripts from a cgi-bin >>>> >>>> /var/www/vhosts/some_domain/cgi-bin/ cgi-bin >>>> /var/www/vhosts/some_domain/httpdocs/ web root >>>> >>>> If someone could either give me step by step instructions (or point me >>>> at a resource) of how to create the user and set up ownerships and >>>> permissions I'd be very grateful. I'd like scripts to run from the >>>> cgi-bin to have read/write access to the cgi-bin and webroot, but not >>>> below (toward the root). >>>> >>>> I've done a great deal of reading but I just get a snippet here and >>>> there of how to do this, and when I put all that discombobulated >>>> knowledge into action it's a mess! >>>> >>>> I didn't see a more suited group, point me at one if you can't >>> here. >>> >>> Assuming unix-type OS: >> Yes. >> >>> Ownership: The person controlling the resources should be the owner. >>> Typically, they get RW or RWX access. >>> Group: I usually set web page directories to the group that apache runs > as. >>> Access is typically R or RX. >>> Others: If apache is using group access, I set access by others to > none. >>> Otherwise, set this as R or RX. >> Here is what I've done. I've created a user and a group: >> my_domain_owner and I've done this: >> >> chown my_domain_owner.my_domain_owner /var/www/hosts/my_domain >> >> Then I've made apache a member of the my_domain_owner group, that seemed >> to fix the script write permissions. >> >> Is there a downside to doing it this way if I keep the cgi-bin at 755 >> and the document root at 644? > > Note that what you did is different than what I suggested: > > CHOWN -R domain_owner.apache_group /var/www/.... This is the first thing that's made sense to me! If I FTP a file, I take it that file will be owned by the user. What group will it belong to? Will it be Apache? If I use a script to write a file, will that file then be in the Apache group but owned by the domain owner? I'm thinking that the way you suggest will get rid of all this making users part of group nonsense to get the scripts to write. I think I'll set up a new virtual domain and give it a whirl. Jeff > > With apache's group in use, "750" and "640" will protect the files from > OTHER USERS on your system. > >