LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Permissions for an apache webserver
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-20-2011, 08:37 PM   #1
Morten
LQ Newbie
 
Registered: May 2011
Posts: 5

Rep: Reputation: Disabled
Permissions for an apache webserver

Hi,

I'm running my own Debian 6.0 server. I have used the following guide for setting the system up (did not install ispconfig):

http://www.howtoforge.com/perfect-se...er-ispconfig-3

A short summary:
Apache 2.2.16, Postfix mail server, MySQL, BIND nameserver, PureFTPd, SpamAssassin, ClamAV, Fail2ban, MySQL.

For the handling of homepages I use the apache directive in virtual.conf.

However I'm not quite sure, what to do with permissions. My ftp-users (virtual and chrooted) are all running as user 'ftpuser' as a member of 'ftpgroup'.

My current setup is as follows:

/var/www/ drwxrwxr-x root root
/var/www/domain.dk/ drwxr-xr-x ftpuser ftpgroup
/var/www/domain.dk/index.php -rw-r--r-- ftpuser ftpgroup

Currently it isn't possible for PHP to create new files in directory "domain.dk", only for the ftp users. I would like both to be able to do so.
With security in mind, is it okay, to make apache a part of the 'ftpgroup', which would give apache access to all domains?

Do you have any other suggestions for improving security?

Best regards
Morten
 
Old 05-21-2011, 03:32 AM   #2
hua
Member
 
Registered: Oct 2006
Location: Slovak Republic
Distribution: Slackware 14.2, current
Posts: 461

Rep: Reputation: 78
There is a very good thread about this issue. Especially the post of NominalAnimal.
http://www.linuxquestions.org/questi...287/page2.html
Last edited by hua; 05-21-2011 at 03:34 AM.
 
  


Reply

Tags
access, apache2, debian, permissions, server



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Lack basic understanding of permissions(apache permissions problem) cK` Linux - Newbie 7 04-08-2010 11:49 PM
Apache Webserver on Slackware - Failed to Start Apache - 'no listening sockets .." CCTVGuru Linux - Server 4 10-11-2009 01:14 AM
Apache webserver Help.. co_macho Mandriva 5 02-26-2006 10:22 PM
Apache Webserver 403 Forbidden Errors (User not in apache group?) Mankind75 Mandriva 4 07-08-2004 05:30 AM
Apache webserver trusouthrnplaya Linux - Networking 1 03-30-2003 11:34 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:01 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration