LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Running Apache as a certain user (http://www.linuxquestions.org/questions/linux-server-73/running-apache-as-a-certain-user-607469/)

jlukensow 12-17-2007 06:11 PM

Running Apache as a certain user
 
I know that you can run apache as a certain user, and group. But my question is, I have multiple vhost on my Linux server, is there a way to run apache for each vhost that is configured, as each user.

Example. If I have a user james, matt, and john, can I set up apache as 3 different users?

Shade 12-17-2007 06:44 PM

I imagine the reason you want to do this is for serving pages out of the users' home directories? Is this correct?

In any case, this isn't usually done. Standard practice is to assign those users to the apache group rather than have apache run as those users.

What is it that you are trying to achieve?

dkm999 12-17-2007 06:45 PM

According to my documentation, since version 2.0, the User configuration command, which would be used to make this happen, is only valid in the global context, meaning that it applies to all virtual servers that run on a single machine. The only way that I can see to get the effect you want is to have your system respond to several IP addresses, and configure a separate httpd instance (with its own configuration file specifying the IP address to listen on) for each user.

This is less efficient, and (probably) more costly, but could produce the result you said you wanted. Otherwise, you are stuck with all virtual servers using the same User/Group spec. This may not be too bad if you use the default protections (755 or 750), since you can establish each user's webspace with them as owner, and a group that includes apache as a legal member. The only other problem is script privileges; for that there is a separate facility called suExec; I recommend a good read of the manual for that if script execution is what you are trying to control.

adamben 12-17-2007 07:04 PM

Running Apache as a certain user.
 
You may be interested in:
http://httpd.apache.org/docs/2.2/mod/mod_suexec.html

jlukensow 12-18-2007 09:52 AM

Quote:

Originally Posted by Shade (Post 2994024)
I imagine the reason you want to do this is for serving pages out of the users' home directories? Is this correct?

In any case, this isn't usually done. Standard practice is to assign those users to the apache group rather than have apache run as those users.

What is it that you are trying to achieve?

The reason I'm trying to do this is as follows. I'm currently hosting 3 websites, two of them are mine, and one is my buddy's. I set it up, which might be wrong, by creating 3 different users, and serving the web docs out of public_html in their directories.

Now the problem occurs when I use Joomla. When I first copy all the files and folders into the directory, everything is good. Ownership is "james:users" on all files and folders. But when I am using Joomla, and I install a third party component, that components folder, and files, are now "www:users". And sometimes, when I am using the administrator panel, and want to remove that component, it fails, becuase of ownership problems.

So I'm trying to figure out a way, that is consistent throughout.

jlukensow 12-19-2007 02:46 PM

Anyone have any ideas on this topic?

pengaru 12-19-2007 08:13 PM

Suexec will enable you to run the cgi (I presume joomla is a cgi) as different users providing you set a User and Group in the respective virtualhost sections.

If you are running Joomla via something like mod_perl or mod_php you are going to have a headache... Because this will execute the scripts as the user & group apache runs as without the possibility of suexec wrapping.

The files and directories created by Joomla will have ownership reflecting the process' user and group. This is why if suexec is used it will be a better fit for your home-directory seperation, this creates new processes and switches to the appropriate user and group.

The mod_perl/mod_php approach runs the dynamic parts in the apache process context, largely incompatible with traditional apache-based virtual hosting.

hope that helps.


All times are GMT -5. The time now is 03:27 PM.