LinuxQuestions.org


a2tech 07-27-2005 12:30 PM

need explanation of multiple user/group Q's
 
Hi,

New at administering a server, and need some explanation or description. When I try to install software on my Linux server, some packages say "need to run as nobody" or some other user name. My web server runs as user Apache.

In a case where multiple web packages have different users they want to run as, which one should own a folder? And do I need to add the other users to the Apache group?

Also, I am running PHP and having a problem b/c one package, which has been running for about 6 months, says that it can't write to the session folder. I checked the permissions. It is owned by the Apache group w permissions of

drwx------

If this other package says it can't write to it, but had been running for several months w steady usage, then can someone tell me a clue about:

1. What to change the permissions to so that the session folder is both secure, but can be used by the packages that need it?

2. What the background relationship should be between these multiple users (apache, nobody, etc) in a case like this?

TIA

trickykid 07-27-2005 01:18 PM

Some processes need to run as 'nobody' or 'apache' as these are system users without passwords, to make the running processes more secure.

Like for instance, some will run apache or httpd as the user web, which is a user and group. It doesn't have a password. In some cases, the files shared through the apache server will also be owned by the user 'web' and belong to the 'web' group. If you need particular users to be able to edit such files, add them to the 'web' group. In other cases, the users themselves can own the files themselves, they'll just need to make the files readable by all. Usually permissions of -rwxr-xr-x is sufficient for most pages to be read by all and you won't get any errors trying to view the pages, etc.

The sessions you find in /tmp should be owned by the user that apache runs as. If you find that you get errors saying that it can't be read, the majority of the time apache was shut down and restarted uncleanly. Whenever I encounter such problems, I'll shut down apache, remove the session files in /tmp and then restart apache.

In other cases, if you're running a daemon, it's best to run it as 'nobody' or another account that has no actual shell or login capabilities. Like for example, mysql will run as the mysql user, which is created during the install process of mysql.
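
An added example, not part of either post: a shell check for the session-folder situation in this thread, confirming that a directory is owned by the account the web server runs as and that a mode like drwx------ gives that owner write access while shutting out group and other. The function name check_session_dir, the owner-only policy and the throwaway demo directory are assumptions of this example; it relies on GNU stat.

```shell
#!/bin/sh
# check_session_dir DIR USER
# Prints findings; returns 0 when DIR is owned by USER, the owner can
# create files in it, and group/other have no access. Returns 1 otherwise.
# (Hypothetical helper; owner-only access is this example's assumed policy.)
check_session_dir() {
    csd_dir=$1
    csd_want=$2
    [ -d "$csd_dir" ] || { echo "FAIL: $csd_dir is not a directory"; return 1; }

    # GNU stat: %U = owner name, %G = group name, %a = octal mode (e.g. 700)
    csd_owner=$(stat -c %U "$csd_dir")
    csd_group=$(stat -c %G "$csd_dir")
    csd_raw=$(stat -c %a "$csd_dir")
    csd_mode=$((0$csd_raw))      # leading 0 makes the shell read it as octal
    csd_rc=0

    if [ "$csd_owner" != "$csd_want" ]; then
        echo "FAIL: owner is $csd_owner, expected $csd_want"
        csd_rc=1
    fi
    # Creating session files needs write (2) and search (1) for the owner.
    if [ $((csd_mode & 0300)) -ne $((0300)) ]; then
        echo "FAIL: owner lacks write/search permission (mode $csd_raw)"
        csd_rc=1
    fi
    # Any group or other bit lets accounts besides the owner into the directory.
    if [ $((csd_mode & 077)) -ne 0 ]; then
        echo "FAIL: group ($csd_group) or other has access (mode $csd_raw)"
        csd_rc=1
    fi
    [ "$csd_rc" -eq 0 ] && echo "OK: $csd_dir owner=$csd_owner mode=$csd_raw"
    return "$csd_rc"
}

# Constructed demo: a throwaway directory stands in for the PHP session folder.
demo_dir=$(mktemp -d)
demo_user=$(stat -c %U "$demo_dir")
chmod 700 "$demo_dir"
check_session_dir "$demo_dir" "$demo_user"
chmod 777 "$demo_dir"
check_session_dir "$demo_dir" "$demo_user" || echo "(777 flagged as expected)"
rm -rf "$demo_dir"
```

On a real server, pass the session directory path and the account name the web server actually runs as.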


All times are GMT -5.