topic Re: Apache question in Operating System - Linux

Apache question

Gary Glick — Fri, 02 Feb 2007 13:38:35 GMT

I have a question regarding ownership of the directory that contains the page files.

Server OS:Fedora Core 2
Apache: 2.0.52
Web page root dir: /home/www
There are several virtual host web pages hosted on this one server each has its own directory under /home/www.

Currently the ownership of the files and directories varies between root and a user that no longer works here. I have been asked to clean up the ownerships.

Question: Are there standard practices for assigning ownerships to the web page files.

Any guidance would be most helpful. I can provide more information on the servers configuration if needed.

Thank you.

Gary Glick

Re: Apache question

Ivan Ferreira — Fri, 02 Feb 2007 14:33:34 GMT

This really depends of the web pages served. The minimal permissions are those required to allow the apache user read the files.

For example, if httpd runs as user apache, group apache (check the User and Group directives in your conf file), then your files can be owned by root:apache with 644 permissions and directories with 755 permissions.

You can use the find command to change the permissions:

chown -R root.apache /home/www
find /home/www -type f -exec chmod 644 {} \;
find /home/www -type d -exec chmod 755 {} \;

Re: Apache question

Gary Glick — Fri, 02 Feb 2007 17:11:07 GMT

Thank you for the prompt reply.
I'll give your suggestion a try.

In your suggestion:
chown -R root.apache /home/www
find /home/www -type f -exec chmod 644 {} \;
find /home/www -type d -exec chmod 755 {} \;

I think the chown command needs to be root:apache.

I'll send some points your way shortly.

thanks again.

Re: Apache question

A. Clay Stephenson — Fri, 02 Feb 2007 18:21:24 GMT

Yes, the chown parameters should be root:apache rather than root.apache.

Re: Apache question

Ivan Ferreira — Sat, 03 Feb 2007 08:05:18 GMT

In Linux normally you can use:

chown user.group

Or

chown user:group

This won't work in other Unix flavors

Re: Apache question

Steven E. Protter — Sat, 03 Feb 2007 14:42:31 GMT

Shalom,

Best that pages in an httpd server not be owned by root.

Executable code within the page could more easily get root privledges if the page is attacked.

Generally I like all web pages owned by non-priviledged users who can't do anything bad to the system. Generally its the user associated with the user that is posting the content.

SEP

Re: Apache question

Gary Glick — Mon, 26 Feb 2007 12:07:39 GMT

Thank you all for your help.
I have been able to get the ownership/ permissions issues resolved.

Gary