I know I'm probably going to get slammed for being an idiot, but oh well . . .
I've finally got some help (volunteer) for the church webserver I host at home. It's an FC4 server with Apache 2.x installed. She's from the M$ world and asking me about ASP and DreamWeaver access, which I told her was a no go. Learn PHP! :)
Anyway, I created a webadmin account that I want to have full access to the /var/www/html folder tree. I added that account to the apache group, but that didn't work.
What is the proper process for accomplishing this? I don't want to give this person root access to the server.
On 1/30/06, Jon Moss jon.moss@cnonline.net wrote:
I know I'm probably going to get slammed for being an idiot, but oh well . . .
I've finally got some help (volunteer) for the church webserver I host at home. It's an FC4 server with Apache 2.x installed. She's from the M$ world and asking me about ASP and DreamWeaver access, which I told her was a no go. Learn PHP! :)
Anyway, I created a webadmin account that I want to have full access to the /var/www/html folder tree. I added that account to the apache group, but that didn't work.
What is the proper process for accomplishing this? I don't want to give this person root access to the server.
Obviously! :)
How is she accessing the server? SSH/WinSCP? FTP? Also, how exactly didn't it work? Was her user account not able to touch a file in the directory?
If she's in the apache group, you'd need to put 775 perms on the directory. Although, I would probably create a separate group for web developers, rather than use apache. Some distributions use the apache group as the GID of the apache process, which could leave your website vulnerable incase someone was able to execute something as the apache UID/GID. Unless I'm way off base.
Jeremy
I encourage her to use SSH (that's the only port i have open through my firewall besides the one for the webserver).
I logged in as the new account via SSH (Putty) and attempted to vi a file in /var/www/html. I could open it but not save it.
I will remove webadmin from the apach group and make a separate group.
With this new group, what/how do I apply the permissions to /var/www/html so it (webadmin) will have access to edit the files there? Is it just a chmod? or is a chgrp/chown thing?
Thanks,
Jon
On 1/30/06, Jon Moss jon.moss@cnonline.net wrote:
I know I'm probably going to get slammed for being an idiot, but oh well . . .
I've finally got some help (volunteer) for the church webserver I host at home. It's an FC4 server with Apache 2.x installed. She's from the M$ world and asking me about ASP and DreamWeaver access, which I told her was a no go. Learn PHP! :)
Anyway, I created a webadmin account that I want to have full access to the /var/www/html folder tree. I added that account to the apache group, but that didn't work.
What is the proper process for accomplishing this? I don't want to give this person root access to the server.
Obviously! :)
How is she accessing the server? SSH/WinSCP? FTP? Also, how exactly didn't it work? Was her user account not able to touch a file in the directory?
If she's in the apache group, you'd need to put 775 perms on the directory. Although, I would probably create a separate group for web developers, rather than use apache. Some distributions use the apache group as the GID of the apache process, which could leave your website vulnerable incase someone was able to execute something as the apache UID/GID. Unless I'm way off base.
Jeremy _______________________________________________ Kclug mailing list Kclug@kclug.org http://kclug.org/mailman/listinfo/kclug
On 1/30/06, Jon Moss jon.moss@cnonline.net wrote:
With this new group, what/how do I apply the permissions to /var/www/html so it (webadmin) will have access to edit the files there? Is it just a chmod? or is a chgrp/chown thing?
I would set it up as:
# set all files/directories to webadmin group chgrp -R webadmin /var/www/html
# change all files to 664 find /var/www/html -type f -exec chmod 664 "{}" ;
# set GID bit on directories so that files newly created are modifiable by webadmin # group members find /var/www/html -type d -exec chmod 2775 "{}" ;
Any other/better suggestions?
Jeremy
-
Jeremy Turner -
Jon Moss