Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: RedHat 8 or 9 (shrike)- Fedora Core 1,2
Posts: 215
Rep:
Apache 2.0.40 and document path
Im running RH9 and the default page is in /var/www/html and i will like to change it to ex: /home/user/www/ but it wont let me.
ive tryied everything
i change the document path and cgi path but im getting an 403 error message. im not sure if it has to do with permissions. Im also using SSL and ive heard that ssl and vhost dont like eachother........help please
error 403 is forbidden, so most likely you didn't change the permissions. Usually by default for user's home directories, only they have read/write access, so if you didn't change the permissions on the directory your setting your default root directory for, then well, you need to change it accordingly.
man chmod
AFAIK, you can't use SSL for any of the virtual hosts.. but for the main server configuration you can still use it.. not totally positive on that one off top of my head though.
The files must be readable (executeable for directories and scripts) by the user the server runs as. Look at the User and Group directives in httpd.conf
I usually leavethe files owned by the user who maintains them and chgrp the files to the user that the server runs as.
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238
Rep:
actually the files need to be readable by the group everyone. Doesn't matter who owns them or what the owner permissions are. Apache worries about the "r" for the files to everyone. go with something like 664 for the files in the directory you want to serve up static pages. CGI-BIN well that needs "x".
Originally posted by cyph3r7 actually the files need to be readable by the group everyone. Doesn't matter who owns them or what the owner permissions are. Apache worries about the "r" for the files to everyone. go with something like 664 for the files in the directory you want to serve up static pages. CGI-BIN well that needs "x".
Actually - your wrong.
The user and or group that apache runs as must have access to the files be it readable, writable or executable. Making scripts readable by everyone on a system could be classed as a security threat as any user could be able to find security holes in one of the scripts alot easier than if they were guessing.
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238
Rep:
Quote:
Originally posted by david_ross Actually - your wrong.
The user and or group that apache runs as must have access to the files be it readable, writable or executable. Making scripts readable by everyone on a system could be classed as a security threat as any user could be able to find security holes in one of the scripts alot easier than if they were guessing.
Before you make such definative staements friend be sure you are accurate....
Here is my setup and ooops look at that....it works like a champ Why? Becuase a webserver MUST be accessable globally by everyone. Now yes all the moving parts for apache, meaning executables must be able to be run by the owner APACHE however we are not discussing that. As far as CGI's go, hello they are executables that will need to be run globally also. CGI's are your responsibility to make sure they don't do something stupid.
Now check out my setup at home. I run about 30 production sites in a similar fashion for a fortune 50.
[root@webserver1 web1]# ls -l
total 9212
-rw-r--r-- 1 ftpuser ftp 15 Jun 7 12:07 index.html
-rw-r--r-- 1 ftpuser ftp 2216539 Apr 25 12:15 sawmill6.4.5_x86_linux.tar.gz
drwxr-xr-x 2 root root 4096 May 7 07:48 ssh
[root@webserver1 web2]# ls -l
total 4
-rw-r--r-- 1 apache apache 15 Apr 23 09:33 index.html
Note dir web1 does NOT have any referrence to the user apache and it works fine. Web2 does and it works too. All about the global read persmission for the group everyone.
As for the security threat of CGI's if you are gonna use then you better be prepared. they must be in a dir that has global execute for the group everyone or they will not work. When a user hits your site they do not hit it as the user of your apache server, meaning they do not read your pages or cgi's as the user apache. If they did that would be a HUGE security issue. SSI's well they are a different creature....server side....
I am 100% acurate. I split the bullseye into pieces with one arrow. I couldn't be more sure. I do this for a living.
I'm not saying that it won't work if you use the all user bit since the webserver must afterall run as a user. What I am saying is that you DON'T need your files to be readable by all.
For the sake of argument here is a test process I went through to prove it:
Code:
[root@boycie root]# vi /var/www/html/test.html
<HTML>
<HEAD>
<TITLE>Hello World!</TITLE>
</HEAD>
<BODY>
<H1>Hello World!</H1>
</BODY>
</HTML>
~
~
"/var/www/html/test.html" [New] 9L, 96C written
[root@boycie root]# ls -l /var/www/html/test.html
-rw-r--r-- 1 root root 96 Jun 22 13:43 /var/www/html/test.html
[root@boycie root]# chmod 640 /var/www/html/test.html
[root@boycie root]# chgrp apache /var/www/html/test.html
[root@boycie root]# ls -l /var/www/html/test.html
-rw-r----- 1 root apache 96 Jun 22 13:43 /var/www/html/test.html
Now when I vist "http://boycie/test.html" surprise surprise I get a page that said "Hello World!"
Last edited by david_ross; 06-22-2003 at 08:23 AM.
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238
Rep:
yes what you are saying is correct but not for what he wants to do. It looked like his request was to have pages readable from a users home directory. I don't think you would want your users in the apache group for security reasons.
In his case he should define a user in his/her own group and give "r" to everyone.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.