Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
06-21-2003, 05:37 PM
|
#1
|
Member
Registered: Oct 2002
Distribution: RedHat 8 or 9 (shrike)- Fedora Core 1,2
Posts: 215
Rep:
|
Apache 2.0.40 and document path
Im running RH9 and the default page is in /var/www/html and i will like to change it to ex: /home/user/www/ but it wont let me.
ive tryied everything
i change the document path and cgi path but im getting an 403 error message. im not sure if it has to do with permissions. Im also using SSL and ive heard that ssl and vhost dont like eachother........help please
|
|
|
06-21-2003, 05:48 PM
|
#2
|
LQ Guru
Registered: Jan 2001
Posts: 24,149
|
error 403 is forbidden, so most likely you didn't change the permissions. Usually by default for user's home directories, only they have read/write access, so if you didn't change the permissions on the directory your setting your default root directory for, then well, you need to change it accordingly.
man chmod
AFAIK, you can't use SSL for any of the virtual hosts.. but for the main server configuration you can still use it.. not totally positive on that one off top of my head though.
|
|
|
06-21-2003, 05:54 PM
|
#3
|
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Rep:
|
The files must be readable (executeable for directories and scripts) by the user the server runs as. Look at the User and Group directives in httpd.conf
I usually leavethe files owned by the user who maintains them and chgrp the files to the user that the server runs as.
|
|
|
06-21-2003, 07:47 PM
|
#4
|
Member
Registered: Apr 2003
Location: Silicon Valley East, Northern Virginia
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238
Rep:
|
actually the files need to be readable by the group everyone. Doesn't matter who owns them or what the owner permissions are. Apache worries about the "r" for the files to everyone. go with something like 664 for the files in the directory you want to serve up static pages. CGI-BIN well that needs "x".
|
|
|
06-21-2003, 08:30 PM
|
#5
|
Member
Registered: Oct 2002
Distribution: RedHat 8 or 9 (shrike)- Fedora Core 1,2
Posts: 215
Original Poster
Rep:
|
Well i almost got it ......one thing im missing
when i do a
http://localhost it goes to the new dir /home/user/www/
but if a do https://localhost
is still reading from old dir /var/www/html/ Why?
what im missing?
|
|
|
06-21-2003, 11:32 PM
|
#6
|
Member
Registered: Oct 2002
Distribution: RedHat 8 or 9 (shrike)- Fedora Core 1,2
Posts: 215
Original Poster
Rep:
|
anyone?
|
|
|
06-21-2003, 11:50 PM
|
#7
|
Member
Registered: Oct 2002
Distribution: RedHat 8 or 9 (shrike)- Fedora Core 1,2
Posts: 215
Original Poster
Rep:
|
Never mind , i got it ...........i had to make some changes on the ssl.conf file
|
|
|
06-22-2003, 06:56 AM
|
#8
|
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Rep:
|
Quote:
Originally posted by cyph3r7
actually the files need to be readable by the group everyone. Doesn't matter who owns them or what the owner permissions are. Apache worries about the "r" for the files to everyone. go with something like 664 for the files in the directory you want to serve up static pages. CGI-BIN well that needs "x".
|
Actually - your wrong.
The user and or group that apache runs as must have access to the files be it readable, writable or executable. Making scripts readable by everyone on a system could be classed as a security threat as any user could be able to find security holes in one of the scripts alot easier than if they were guessing.
|
|
|
06-22-2003, 09:09 AM
|
#9
|
Member
Registered: Apr 2003
Location: Silicon Valley East, Northern Virginia
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238
Rep:
|
Quote:
Originally posted by david_ross
Actually - your wrong.
The user and or group that apache runs as must have access to the files be it readable, writable or executable. Making scripts readable by everyone on a system could be classed as a security threat as any user could be able to find security holes in one of the scripts alot easier than if they were guessing.
|
Before you make such definative staements friend be sure you are accurate....
Here is my setup and ooops look at that....it works like a champ Why? Becuase a webserver MUST be accessable globally by everyone. Now yes all the moving parts for apache, meaning executables must be able to be run by the owner APACHE however we are not discussing that. As far as CGI's go, hello they are executables that will need to be run globally also. CGI's are your responsibility to make sure they don't do something stupid.
Now check out my setup at home. I run about 30 production sites in a similar fashion for a fortune 50.
drwxr-xr-x 3 ftpuser ftp 4096 Jun 7 12:07 web1
drwxr-xr-x 2 apache apache 4096 Apr 23 09:33 web2
[root@webserver1 web1]# ls -l
total 9212
-rw-r--r-- 1 ftpuser ftp 15 Jun 7 12:07 index.html
-rw-r--r-- 1 ftpuser ftp 2216539 Apr 25 12:15 sawmill6.4.5_x86_linux.tar.gz
drwxr-xr-x 2 root root 4096 May 7 07:48 ssh
[root@webserver1 web2]# ls -l
total 4
-rw-r--r-- 1 apache apache 15 Apr 23 09:33 index.html
Note dir web1 does NOT have any referrence to the user apache and it works fine. Web2 does and it works too. All about the global read persmission for the group everyone.
As for the security threat of CGI's if you are gonna use then you better be prepared. they must be in a dir that has global execute for the group everyone or they will not work. When a user hits your site they do not hit it as the user of your apache server, meaning they do not read your pages or cgi's as the user apache. If they did that would be a HUGE security issue. SSI's well they are a different creature....server side....
|
|
|
06-22-2003, 09:21 AM
|
#10
|
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Rep:
|
I am 100% acurate. I split the bullseye into pieces with one arrow. I couldn't be more sure. I do this for a living.
I'm not saying that it won't work if you use the all user bit since the webserver must afterall run as a user. What I am saying is that you DON'T need your files to be readable by all.
For the sake of argument here is a test process I went through to prove it:
Code:
[root@boycie root]# vi /var/www/html/test.html
<HTML>
<HEAD>
<TITLE>Hello World!</TITLE>
</HEAD>
<BODY>
<H1>Hello World!</H1>
</BODY>
</HTML>
~
~
"/var/www/html/test.html" [New] 9L, 96C written
[root@boycie root]# ls -l /var/www/html/test.html
-rw-r--r-- 1 root root 96 Jun 22 13:43 /var/www/html/test.html
[root@boycie root]# chmod 640 /var/www/html/test.html
[root@boycie root]# chgrp apache /var/www/html/test.html
[root@boycie root]# ls -l /var/www/html/test.html
-rw-r----- 1 root apache 96 Jun 22 13:43 /var/www/html/test.html
Now when I vist "http://boycie/test.html" surprise surprise I get a page that said "Hello World!"
Last edited by david_ross; 06-22-2003 at 09:23 AM.
|
|
|
06-27-2003, 10:48 AM
|
#11
|
Member
Registered: Apr 2003
Location: Silicon Valley East, Northern Virginia
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238
Rep:
|
yes what you are saying is correct but not for what he wants to do. It looked like his request was to have pages readable from a users home directory. I don't think you would want your users in the apache group for security reasons.
In his case he should define a user in his/her own group and give "r" to everyone.
Looks like we were bickering semantics.....
Was a good education for non-apache aficionados
|
|
|
06-27-2003, 11:05 AM
|
#12
|
LQ Newbie
Registered: Jun 2003
Location: Austin, Texas
Distribution: Gentoo
Posts: 27
Rep:
|
i learned some :P
|
|
|
All times are GMT -5. The time now is 03:38 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|