Re: Secure Unix permissions for an Apache website developer

From: Jeff Breitner (usenet_at_rudn.com)
Date: 04/20/04

• Next message: x86processor: "Re: Linux Novice"
• Previous message: The Ghost In The Machine: "Re: Which is better KDE or Gnome"
• In reply to: James Schnack: "Secure Unix permissions for an Apache website developer"
• Next in thread: nonames: "Re: Secure Unix permissions for an Apache website developer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Mon, 19 Apr 2004 20:24:23 -0400

James Schnack wrote:
.
>
> Although we do trust this company I don't want to give the developer
> (usually only one guy works on this site, two at the most) root
> access. I have created a regular user for him, and he can access the
> box via SSH to scp files to the server.
>

Good call; don't give any privileges that they don't need.

> Apache runs with a special no-privilege user and group (apache). I
> have configured the permissions on /var/www/html (the DocumentRoot
> directory) and its files to be owned by root, be readable by all (so
> apache will be allowed to serve them), but writeable only by the
> owner.

Well, they don't have to be owned by root. Make them owned by the web
developer's user. Or create a group of "webdevelopers" and make your
developer part of that group with write permissions to the htdocs directory.

Just do not make them owned by the user that the Apache server is
running as.

> I've thought of a special group (say "webadmin"), formed by the root
> user + the developer's regular user, and having html files owned by
> that group. But I'm not sure if this is a solution or a new problem...
> ;-)
>

Why include root? All you need to do is create the webadmin group and
add your web developer(s) to this group. Just remember to enable the
write permissions on the required directories.

WWJD? JWRTFM
Rot13 for email address: yvfgf @ ehqa.pbz

• Next message: x86processor: "Re: Linux Novice"
• Previous message: The Ghost In The Machine: "Re: Which is better KDE or Gnome"
• In reply to: James Schnack: "Secure Unix permissions for an Apache website developer"
• Next in thread: nonames: "Re: Secure Unix permissions for an Apache website developer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: Secure Unix permissions for an Apache website developer ... > directory) and its files to be owned by root, ... developer part of that group with write permissions to the htdocs directory. ... Just do not make them owned by the user that the Apache server is ... (comp.os.linux.setup) Re: Secure Unix permissions for an Apache website developer ... > directory) and its files to be owned by root, ... developer part of that group with write permissions to the htdocs directory. ... Just do not make them owned by the user that the Apache server is ... (comp.os.linux.security) Re: Problems with ordinary user permissions ... 'developer - x-windows' install. ... >>couldnt see any drives, and when i tried adding them ... >>errors muttering about permissions. ... >>migrate to using 'root' for my everyday login, ... (freebsd-questions) Re: [RFC] FUSE permission modell (Was: fuse review bits) ... >> root is denied all access. ... and the kernel checks the permission. ... The userspace can't enforce the permissions. ... (Linux-Kernel) Re: Problem setting up NFS on Ubuntu ... I have installed Ubuntu ... > I used System - Administration - Synaptic Package Manager to include NFS ... Should I be using the GUI, and if so, how do I do that as root, ... and doesn't change the permissions displayed by ls -l ... (comp.os.linux.setup)

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint