LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 07-27-2005, 01:30 PM   #1
a2tech
LQ Newbie
 
Registered: Jul 2005
Posts: 1

Rep: Reputation: 0
need explanation of multiple user/group Q's


Hi,

New at administering a server, and need some explanation or description. When I try install software on my Linux server, some packages say "need to run as nobody" or some other user name. My web server runs as user Apache.

In a case where multiple web packages have different users they want to run as, which one should own a folder? And do I need to add the other users to the Apache group?

Also, I am running php and having a problem b/c one package, which has been running for about 6 months, says that it can't write to the session folder. I checked the permissions. It is owned by the Apache group w permissions of

drwx------

If this other package says it can't write to it, but had been running for several months w steady usage, then can someone tell me a clue about:

1. What to change tyhe permissions to so that the session folder is both secure, but can be used by the packages that need it?

2. What the background relationship should be between these multiple users (apache, nobody, etc) in a case like this?

TIA
 
Old 07-27-2005, 02:18 PM   #2
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 199Reputation: 199
Some processes require to run as 'nobody' or 'apache' as these are system users without passwords, to make the running processes more secure.

Like for instance, some will run apache or httpd as the user web, which is a user and group. It doesn't have a password. In some cases, the files shared thru the apache server will also be owned by the user 'web' and belong to the 'web' group. If you need particular users to be able to edit such files, add them to the 'web' group. In other cases, the users themselves can own the files themselves, they'll just need to make the files readable by all. Usually permissions of -rwxr-x-r-x is sufficient for most pages to be read by all and you won't get any errors trying to view the pages, etc.

The sessions you find in /tmp should be owned by the user that apache runs as. If you find that you get errors saying that it can't be read, the majority of the time apache was shutdown and restarted uncleanly. Whenever I encounter such problems, I'll shutdown apache, remove the session files in /tmp and then restart apache.

In other cases, if your running a daemon, it's best to run it as 'nobody' or another account that has no actual shell or login capabilities. Like for example, mysql will run as the mysql user in which is created during the install process of mysql.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to list user in Linux box, add an user to a group! steady_lfcfan Linux - Newbie 12 01-27-2013 02:14 PM
User and Group Admin: How to tell Who is in What group? Akhran Linux - Newbie 1 11-13-2005 12:16 AM
Multiple Q's: configuration, customization, possibilities Superion Linux - Newbie 6 08-25-2005 01:41 PM
changing ownership and group of multiple files.. utanja Debian 3 02-21-2005 07:10 PM
Multiple Group Rights to One Directory JWatson Linux - Security 4 12-31-2004 02:13 PM


All times are GMT -5. The time now is 09:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration