LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-12-2013, 06:46 PM   #1
sparcusa
LQ Newbie
 
Registered: Nov 2013
Posts: 2

Rep: Reputation: Disabled
Granting directory access to apache docroot


Newbie security question. I'm running CENTOS5. I have disabled password entry to enhance security and turned off remote root access. I setup a remote login user account with a private key called user1. I want to give user1 access to the apache docroot so he can upload files. The apache docroot directory is owned by the daemon group. I put user1 into that group and user1 can not write to that directory even though daemon has 755 access to the docroot directory.

Q1 How do I safely give user1 upload access to docroot?
 
Old 11-13-2013, 01:39 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Use ACLs ('man acl; man getfacl; man setfacl') and search LQ for "setfacl" or see an example at http://stackoverflow.com/questions/4...rmission-issue.
 
Old 11-13-2013, 04:15 AM   #3
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,748
Blog Entries: 11

Rep: Reputation: 233Reputation: 233Reputation: 233
Give write permission to group. chmod g+w or chmod 775.
Mind that after adding the user to the group you have relog to have it take effect.
 
Old 11-13-2013, 06:37 AM   #4
sparcusa
LQ Newbie
 
Registered: Nov 2013
Posts: 2

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by zhjim View Post
Give write permission to group. chmod g+w or chmod 775.
Mind that after adding the user to the group you have relog to have it take effect.
Is there any security significance to the 'daemon' user?
 
Old 11-13-2013, 08:34 AM   #5
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,748
Blog Entries: 11

Rep: Reputation: 233Reputation: 233Reputation: 233
Sems like it owns the apache daemon. Dunno if any other services are running with a member of this group. Get a listing of the group members and take a look.
You could also chown the group to the group of user1. Or use acl's like unspawn suggested.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Granting Apache write access hansfordmc Linux - Newbie 2 08-24-2012 11:13 PM
Granting full write access to another users web directory acctman Linux - Server 2 02-12-2009 05:32 PM
VHost tries to use apache docroot images, should not belorion Linux - Server 1 02-03-2007 04:05 PM
Apache 2.0.54 DocRoot strange behaviour with VirtualHost dimsh Linux - Newbie 2 12-24-2005 03:31 AM
Fresh Load FC3 Apache err - Docroot must be directory trekk Linux - Networking 18 11-30-2004 04:48 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration