LinuxQuestions.org
Old 11-08-2005, 02:57 PM   #1
bbbb
LQ Newbie
 
Registered: Nov 2005
Location: Amsterdam, Netherlands
Distribution: Mandriva cooker
Posts: 22

Rep: Reputation: 15
root-like permissions ?


hi everyone

(not sure if this is newb or medium level so I just thought I'd post it here...)

I am currently in the process of setting up a http server on linux (mandriva 2006; works fine no probs etc I know the distro and I'm happy with it so please don't tell me to change to debian or redhat like all those others did; I don't like debian's look and I don't like redhat's way of doing things and I am a mandriva-er through and through). everything runs fine; apache with the psp and php mod and a mysql server. the thing I have problems with are the directory permissions. say I have the root www directory, /var/www . then, in that, I have different directories for different sites with different permissions, for every site has a different webmaster. then there is also the fact that I want to have a wwwroot user (or something of the like) that has full access to every directory and/or file in /var/www , no matter what the permissions are. like the root account has but this one only in /var/www . then there is also the fact that the files, no matter where they are, can contain passwords (like for mysql access) so should be settable to a minimum of xx0 permissions, but the apache user in the apache group must be able to read them nonetheless. first question: is this possible? I now content myself doing everything as root, but that is of course very risky business as I often perform recursive removals so the day I mistype this horror rm -rf / is only waiting to come.

so, any suggestions? of course if someone has a solution that solves everything except for one thing I'd be glad to hear it...

thanks a bunch!!!

-b^4
 
Old 11-08-2005, 04:06 PM   #2
Back_to_Linux
Member
 
Registered: Sep 2005
Location: PARIS
Distribution: Mandriva 10.0 Community
Posts: 117

Rep: Reputation: 15
First: you can change the user and the group of your web server.
Second: you can use the .htaccess file to allow certain persons to access (R or W or X) some directories individually.
To finish: it's better to place your root web documents on a different partition than the one the system resides on, because anything can happen; if your web server crashes, your box still stays intact.
Other suggestion: you can use virtual servers within your apache server by adding sections at the end of the httpd.conf file.
 
Old 11-08-2005, 06:29 PM   #3
bbbb
LQ Newbie
 
Registered: Nov 2005
Location: Amsterdam, Netherlands
Distribution: Mandriva cooker
Posts: 22

Original Poster
Rep: Reputation: 15
I wasn't talking about apache access only, apache is just a little part in this. I mean the system-wide settings. for example; I have user A that wants to log in from the box to edit his webpage. he has write permissions on /var/www/a.com/ . then I have user B that logs in through ssh, and user C through ftp. just examples (it will be ftp most of the time, but I want to keep the options open by configuring it on the system-level). the permissions on the whole /var/www tree will have to be 0 for others; no read or write or execute. groups; I don't know and users 6/7 (of course). but then again, B shouldn't be able to write in /var/www/a.com and the other way around. and to top it all off, there should be an uber-webmaster administrating ALL the sites, having access to ALL the files within /var/www at any time. the user must not be able to prohibit this uberwebmaster from accessing and modifying his files. ah, and I almost forgot; the user apache of the group apache (though the group can be changed if needed) must have read access to all the files (except if the user owning them doesn't want to). for ex; I'd be fine with apache executing some of my php scripts containing mysql passwords but I do not want anyone else scooping around in them. is it a little bit more clear this way?

so; is that possible?
 
Old 11-09-2005, 03:59 PM   #4
Back_to_Linux
Member
 
Registered: Sep 2005
Location: PARIS
Distribution: Mandriva 10.0 Community
Posts: 117

Rep: Reputation: 15
The user defined in apache is the user who launches the child server processes and owns the entire site.
The users defined on the system can publish their own pages from their "OWN" home directory, not inside the master site.
You understand? Don't permit users to write in /var/www. It's a better way to include their own directory in httpd.conf:
<Directory /home/~user/public/www>
options
options
</Directory>
Or something like that.
B can't write in the home directory owned by A
B can't write in the apache directory
A too.
and so on.
If you configure apache for virtual hosting, each user will get their own site, independent of the master site which runs the child processes.
With the .htaccess procedure, you can finely adjust the authorization of your scripts
 
Old 11-09-2005, 05:17 PM   #5
kurtdriver
Member
 
Registered: May 2005
Location: Vancouver, Canada
Distribution: Fedora 18, Puppy Linux, various others
Posts: 107

Rep: Reputation: 15
This is the URL for the Mandriva forum, where you will, presumably, not be advised to use debian. The linux way is to have many possibilities. Happy computing, Kurt

http://www.linuxquestions.org/questi...php?forumid=30

Last edited by kurtdriver; 11-09-2005 at 10:39 PM.
 
Old 11-09-2005, 05:36 PM   #6
Back_to_Linux
Member
 
Registered: Sep 2005
Location: PARIS
Distribution: Mandriva 10.0 Community
Posts: 117

Rep: Reputation: 15
I'll go where I want.
I've got nothing to demonstrate, I help people; what do you say and what do you do now?
I try to build a community with all people like me: helpers.
And you, with one sentence, you resolve the entire world's troubles?
Thank you very much for your constructive dialog.
It's good to proclaim: "linux is made for people who want to build our own system...........". Explain the basic thing, and after show the entire power of linux. "Read RFM" isn't the solution.
Giving some personal experience or some configuration which works for us is not a "needing to prove their superiority by telling you to do things their way.".
Sometimes we must show to explain; theory isn't enough to have a complete approach to a problem.
If you want to prove something, the first thing you do is to show an example....Linux is the same way.
 
Old 11-09-2005, 05:48 PM   #7
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 469
I've just read this thread and the last 2 posts make no sense. kurtdriver, if your post wasn't an accident then it was just pointless. Don't do it again. If it was an accident, and you meant to post it elsewhere, then you should return to fix the post.

Back_to_Linux, ignore the post from kurtdriver and continue.
 
Old 11-12-2005, 07:03 AM   #8
bbbb
LQ Newbie
 
Registered: Nov 2005
Location: Amsterdam, Netherlands
Distribution: Mandriva cooker
Posts: 22

Original Poster
Rep: Reputation: 15
I think kurt just meant to point out that there was a mandriva forum to me, regarding my comment about the OS I'm using.. ? I don't think it was directed to back_to_linux.

in reply to back_to_linux's post; I think I understand what you mean. I have a question though; if I do that, will there be a possibility for some kind of user to edit all the websites owned by those people? and about .htaccess; that file adjusts how apache handles the permissions, right? but if the files in the directory of the site are owned like this for example

-rwx------ 1 userA wwwusers 2K Nov 6 00:59 index.php

can apache then still read the file and display it on the web? my experience with this is, though I have very little experience, that if the file is not readable by all or user or group apache, then apache can't access it... can htaccess possibly fix that? it looks like a system-level permission denial to me...? ok, then you say; make it readable by all. but what if my index.php file stores the password for the mysql database...? then anyone with physical login access will be able to read the file (unprocessed) too, or am I wrong on that point?

I would like to hear your opinions on that matter

thank you a whole lot! you've helped me very much already! you guys are the best. seriously.

-b^4

(I'll jump to the mandriva forum once nobody here wants to answer anymore... since this looks more like an overall linux question than a mandriva-specific one...)

Last edited by bbbb; 11-12-2005 at 07:14 AM.
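
The question in the post above comes down to the kernel's mode-bit check, which applies to the apache user like any other account before any .htaccess rule is consulted. The sketch below is an added example, not code from the thread: `can_read` and `verdict` are hypothetical helpers, userB is a constructed second account in the wwwusers group, and POSIX ACLs and directory traversal bits are not modelled.

```shell
#!/bin/sh
# Added example (not from the thread). can_read is a hypothetical helper that
# models the classic owner/group/other read check; ACLs are ignored.
# Usage: can_read MODESTR OWNER GROUP USER "USER_GROUPS"
# MODESTR is the 10-character mode field printed by `ls -l`.
can_read() {
    modestr=$1; owner=$2; group=$3; user=$4; user_groups=$5
    # root bypasses the mode bits for reads.
    [ "$user" = root ] && return 0
    # Exactly one class applies: owner first, then group, then other.
    pos=8
    if [ "$user" = "$owner" ]; then
        pos=2
    else
        for g in $user_groups; do
            [ "$g" = "$group" ] && pos=5
        done
    fi
    # Characters 2, 5 and 8 of the mode field are the three read bits.
    [ "$(printf '%s' "$modestr" | cut -c"$pos")" = r ]
}

verdict() {
    if can_read "$@"; then echo readable; else echo denied; fi
}

# Constructed cases. The first three use the listing from the post:
#   -rwx------ 1 userA wwwusers ... index.php
echo "as posted, apache:       $(verdict -rwx------ userA wwwusers apache apache)"
echo "as posted, userA:        $(verdict -rwx------ userA wwwusers userA wwwusers)"
echo "as posted, userB:        $(verdict -rwx------ userA wwwusers userB wwwusers)"
# Same file with mode 640 and its group changed to apache.
echo "640 userA:apache, apache: $(verdict -rw-r----- userA apache apache apache)"
echo "640 userA:apache, userB:  $(verdict -rw-r----- userA apache userB wwwusers)"
# World-readable: every local account can read the stored password.
echo "644, userB:               $(verdict -rw-r--r-- userA apache userB wwwusers)"
# Owner class wins even when the group class would grant more.
echo "040, owner in group:      $(verdict ----r----- userA apache userA apache)"
```

Mode 640 with the file's group set to apache is the combination in this model where the server can read the script while other local accounts cannot.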
 
  


All times are GMT -5. The time now is 07:36 PM.
