[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: apache



well setting 755 worked great

sweet

i miss acl's *sniffle*

Casey

-----Original Message-----
From: silug-discuss-owner@silug.org
[mailto:silug-discuss-owner@silug.org]On Behalf Of Casey Boone
Sent: Friday, April 19, 2002 9:11 AM
To: silug-discuss@silug.org
Subject: Re: apache



yeah i had the 644 on everything down to the dir i used as root, but i didnt
know about the execute bit's behavior on folders.  i always wondered if it
did anything, as "executing" a directory didnt make a whole lot of sense to
me :)

i should have some time tonight to finally get to work on it again

Casey


-----Original Message-----
From: silug-discuss-owner@silug.org
[mailto:silug-discuss-owner@silug.org]On Behalf Of Mike808
Sent: Wednesday, April 17, 2002 8:30 PM
To: silug-discuss@silug.org
Subject: Re: apache


Casey Boone wrote:
> i set the folder to at least 644 permissions for each folder down until
the
> folder that was supposed to be the root for the virtual host
>
> index.html file was also set 644

chmod 644 index.html ==> rw-r--r-- ==> u=rw,g=r,o=r

That's fine for files. For directories, you also need *execute* permissions.

So, on the folders, you should set permissions to 755.

chmod 755 public_html ==> rwxr-xr-x ==> u=rwx,g=rx,o=rx

Read permissions on a directory let you read the contents.
Execute permissions let you *traverse* the directory (i.e. into its
subdirectories).

And if you are talking about a user's home directory, you will need to have
the following permissions for the directories:

$ ls -ld /home /home/user /home/user/public_html
rwxr-xr-x 1 root sys  ... /home
rwxr-xr-x 1 user user ... /home/user
rwxr-xr-x 1 user user ... /home/user/public_html

The reason is that in order to *get to* /home/user/public_html, you must
first
be able to traverse both /home and /home/user. If the web user runs as
'nobody' or 'web', then they are likely not in the sys or users groups.
Hence, the effective permissions of 'other' when traversing the filesystem
to get to your web pages.

So, if you think this compromises your home directory, then you will need
to reconfigure Apache to use a different 'root' directory for users that is
not their home directories. Some people don't like their home directories
being exposed for all to see what's inside. i.e. pr0n, mp3z, oggz, etc.

ObStarWars: http://atomfilms.shockwave.com/afassets/flash/gangsta.swf

Mike808/
--
perl -le "$_='7284254074:0930970:H4012816';tr[0->][ BOPEN!SMUT];print"

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.


-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.


-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.