LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 06-28-2006, 07:13 PM   #1
lt_wentoncha
Member
 
Registered: Apr 2005
Posts: 42

Rep: Reputation: 15
apache doc root ownership


Hi all,

So, the owner:group of my apache root folder is apache2:www. How should I go about securing the root folder? I ran passwd on apache2 and changed the password...is it safer to have that account disabled? What type of security regimen should I employ when logging into the doc folder?

Thanks again for the help.
 
Old 06-30-2006, 09:23 AM   #2
cdhgee
Member
 
Registered: Oct 2003
Location: St Paul, MN
Distribution: Fedora 8, Fedora 9
Posts: 513

Rep: Reputation: 30
It depends on your intentions. The password of the account used to run apache is irrelevant because if it's been set up correctly that account shouldn't be configured for interactive access, and the apache process will be started by root using setuid. As long as the apache account has either owner or group read access to the doc root, you should be fine, and you can remove access from other users entirely.

Of course, you may want to have some users to have access to the docroot so they can maintain the website...
 
Old 06-30-2006, 04:04 PM   #3
lt_wentoncha
Member
 
Registered: Apr 2005
Posts: 42

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by cdhgee
It depends on your intentions. The password of the account used to run apache is irrelevant because if it's been set up correctly that account shouldn't be configured for interactive access, and the apache process will be started by root using setuid. As long as the apache account has either owner or group read access to the doc root, you should be fine, and you can remove access from other users entirely.

Of course, you may want to have some users to have access to the docroot so they can maintain the website...
Hmmm, did I mess it up by assigning in it a password? It wasn't my intention to access the folder as apache2, but as some other account.

Thanks.
 
Old 06-30-2006, 04:54 PM   #4
cdhgee
Member
 
Registered: Oct 2003
Location: St Paul, MN
Distribution: Fedora 8, Fedora 9
Posts: 513

Rep: Reputation: 30
No, it just doesn't matter whether it has a password or not because the password is never used.

If you want to control what users can access the docroot folder, the best way is to set it up as follows:

set the owner to be apache2, and run httpd under the apache2 account. set permissions for the owner to r-x
set the group to be www, and add users who you want to allow to modify the docroot & its contents to this group. set permissions for the www group to rwx
set the permissions for all others to be r-x or --- depending on your preference

thus you should end up with

Code:
dr-xrwx--- apache2 wwww         mydocroot
or something similar.
 
  


Reply

Tags
apache, group, owner, permissions


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
I've tried everything - Can't Change Root Ownership of USB HD rrrssssss Linux - Newbie 5 11-24-2005 04:52 AM
root keeps taking ownership of ~/.Xauthority devfreak Fedora 3 04-07-2005 10:24 AM
Apache, same ip two doc root, two ports and a tunnel korozion Linux - Software 1 03-15-2005 05:29 PM
Problem accessing subdirs from doc root on Apache server ph0ngwh0ng Linux - Newbie 4 04-24-2004 12:02 PM
Apache File Ownership wenberg Linux - Software 2 04-02-2004 09:39 PM


All times are GMT -5. The time now is 11:50 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration