LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 06-26-2003, 03:11 AM   #1
codefather
LQ Newbie
 
Registered: Mar 2003
Location: India
Distribution: RH8
Posts: 8

Rep: Reputation: 0
Apache server allowing ssh


I need help in apache security setting of a high school.
We have setup the server so that http ://myschool.edu/~student1/ will be translated to /home/student1/public_html/ .This much works fine. However, we also allow ssh access to students. Problem is, student2, who is another (ssh)user on the system, can also view the html code of student1. If student1 makes his public_html folder inaccessible to other users(chmod o-r), his webpage will throw a Permission Denied error.
Is there any solution to this problem?

Thanks.
 
Old 06-26-2003, 03:20 AM   #2
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
Good question but I have a question for you. If student1 is offering web pages viewable to the public then what is stopping the public from right-clicking on student1's page and viewing the source code? Putting a page on the web is, by default, allowing access to the code.
 
Old 06-26-2003, 04:03 AM   #3
codefather
LQ Newbie
 
Registered: Mar 2003
Location: India
Distribution: RH8
Posts: 8

Original Poster
Rep: Reputation: 0
We are planning to let them run php/perl scripts, not just pure html. And this was a question one of the students asked me - it never struck any of us
 
Old 06-26-2003, 04:18 AM   #4
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
Ah ha. Well then. That is a very good point. hmmm...I'm going to have to gracefully bow away from this one and let some guru take over.
 
Old 06-26-2003, 05:33 AM   #5
sepski
LQ Newbie
 
Registered: Jun 2003
Location: norway
Distribution: rh 6.x, rh7.x, rh8, rh9, leaf, mandrake 9.1
Posts: 4

Rep: Reputation: 0
how about using apache as group ?
and set it like this

ll -d /home/username
drwx--x--- 5 username apache 4096 Jan 30 01:18 username

ll -d /home/username/public_html
drwxr-x--- 15 username apache 4096 Jun 26 10:34 /home/username/public_html

the apache group must contain the user running apache, this is usualy the apache user.
 
Old 06-26-2003, 06:08 AM   #6
codefather
LQ Newbie
 
Registered: Mar 2003
Location: India
Distribution: RH8
Posts: 8

Original Poster
Rep: Reputation: 0
I am not sure whether I understood what you said What I get is to make a group apache which has read/execute privileges on public_html directories. But that should mean student1 also be in apache group. Sorry if I didnt make myself clear earlier, but student2 also has his own webpage and all. So he too needs to be in apache group if his pages are to be displayed. And since both are now in same group, they both have read access to each others.....well.....am i confusing or is it just that i am confused???
 
Old 06-26-2003, 06:28 AM   #7
sepski
LQ Newbie
 
Registered: Jun 2003
Location: norway
Distribution: rh 6.x, rh7.x, rh8, rh9, leaf, mandrake 9.1
Posts: 4

Rep: Reputation: 0
if you use redhat the apache user and group is setup already

the group file is like this
[root]# grep apache /etc/group
apache:x:48:

the passwd file is like this
[root]# grep apache /etc/passwd
apache:x:48:48:Apache:/var/www:/bin/false

the point is that the webserver is running as (usualy) the apache user.
so for a page to be displayed on the web, the apache user need to be able to enter the public_html dir and read the contents.

therfor only the apache user need to be in the apache group, and no other user will be able to enter or read other users public_html

as long as the apache user/group have read/execute on all public_html folders, if will be on the web.
#drwxr-x--- 15 username apache 4096 Jun 26 10:34 /home/username/public_html

--

apache also need to enter the /home/username dir in order to enter the public_html
#drwx--x--- 5 username apache 4096 Jan 30 01:18 username


the commands to set up all this on a rh server is
chgrp apache /home/username
chmod 710 /home/username
chgrp apache /home/username/public_html
chmod 750 /home/username/public_html

hope i was clearer now ?
 
Old 06-26-2003, 07:15 AM   #8
codefather
LQ Newbie
 
Registered: Mar 2003
Location: India
Distribution: RH8
Posts: 8

Original Poster
Rep: Reputation: 0
That was great. There will be some confusion in implementing groups (as of now, we have students of each class in one group) but I got the essence of what you meant. Let me just try them. Thanks pal.
 
Old 06-26-2003, 02:50 PM   #9
Robert0380
LQ Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
.post deleted by me, not helpful at all.

Last edited by Robert0380; 06-26-2003 at 02:52 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Allowing SSH to accepts ANY Password mperkel Linux - Security 14 11-01-2005 12:42 PM
Is Allowing SSH Safe? Optimistic Linux - Security 10 03-21-2005 02:58 PM
Fedora Linux allowing incoming SSH hwm Linux - Networking 5 09-06-2004 03:50 PM
Allowing ssh ftp through the firewall jmg1894 Linux - Newbie 5 07-08-2004 03:42 PM
Allowing for incoming ssh InsaneBob Linux - Software 11 04-12-2003 02:44 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 12:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration