make apache run as the user
 

hi all

i'm trying to set up my home server in a way that is similar to dreamhost
i've got the site running correctly from my home directory, but apache just isn't allowed to perform certain actions (mostly file i/o) because it doesn't have the correct permissions

i am using fedora 8 with the yum installed httpd
php (5.2.6) is compiled from source and works fine (as a cgi app)

i've tried to tweak suexec a couple of times, but i really don't know how it works, or if it is even the right thing to play with

so my question is, how do i make apache run as the logged in user (or the user that owns the directory) rather than as itself?

any ideas?
dave

Give read and directory execute permissions to your web files. You're offering them to the world - read permission won't hurt anything locally.

Apache runs privileged because it opens a privileged port (TCP port 80). What real problem are you trying to solve ?

thanks for your reply

read is not the problem, i can view the site fine
the problem is writing files, because the site is located in a user home directory
apache doesn't have permissions to write any files there when it is run by the www user (or nobody or whatever it is)
i need it to be run by the actual owner of the home directory, ie. the php.cgi needs to be executed by the home owner and not by apache

does that make sense?

dave

Apache can of course write and create files provided the directory permissions are set appropriatly. You can make them group owned by www and give whatever permission you want to owner/other.

If you need the cgi to run as a user, then either use suexec, or a setuid program that performs the operations. There are security considerations in either case, and there is no short, easy way to describe them. You're going to have to learn about setuid regardless, but start with http://httpd.apache.org/docs/2.2/suexec.html.