Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.
Old 04-11-2011, 09:50 PM
Todd Cary
 
Default Best configuration for /var/www/html/

For a long period of time, my Apache root directory has been
/home/httpd. For security reasons, this is not so good as
SELinux has informed me. Now all of the files have been copied
to /var/www/etc with owner and group "root". The privileges are
754 (rwxr-xr--), however apache does not have access to them.
Should the owner be apache? Group?

Todd

--
Ariste Software
Petaluma, CA 94952

http://www.aristesoftware.com

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-11-2011, 09:53 PM
Todd Cary
 
Default Best configuration for /var/www/html/

On 4/11/2011 2:50 PM, Todd Cary wrote:
> For a long period of time, my Apache root directory has been
> /home/httpd. For security reasons, this is not so good as
> SELinux has informed me. Now all of the files have been copied
> to /var/www/etc with owner and group "root". The privileges are
> 754 (rwxr-xr--), however apache does not have access to them.
> Should the owner be apache? Group?
>
> Todd
>
Forgot to say that I am using Centos 5.5.

Todd

--
Ariste Software
Petaluma, CA 94952

http://www.aristesoftware.com

 
Old 04-11-2011, 09:55 PM
"Joseph L. Casale"
 
Default Best configuration for /var/www/html/

>For a long period of time, my Apache root directory has been
>/home/httpd. For security reasons, this is not so good as
>SELinux has informed me. Now all of the files have been copied
>to /var/www/etc with owner and group "root". The privileges are
>754 (rwxr-xr--), however apache does not have access to them.
>Should the owner be apache? Group?

Well, does your conf.d/foo.conf point to that dir? By default that's
still not right. Are there any directories in there, as 754 won't let
apache in...
 
Old 04-11-2011, 10:00 PM
"Les Bell"
 
Default Best configuration for /var/www/html/

Todd Cary <todd@aristesoftware.com> wrote:

>>
The privileges are
754 (rwxr-xr--), however apache does not have access to them.
Should the owner be apache? Group?
<<

It's probably the SELinux labels preventing access - I stumbled across this
yesterday while setting up a local mirror to deploy 5.6.

Do an ls -lZ on the stuff in /var/www/html - it should look something like
this:

drwxr-xr-x root root system_u:object_r:httpd_sys_content_t CentOS

You've probably got the wrong user and type on your files. Use chcon to
change them - from memory

chcon -R -u system_u -t httpd_sys_content_t

I hope that gets it for you.

Best,

--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144


 
Old 04-12-2011, 01:53 AM
"Trutwin, Joshua"
 
Default Best configuration for /var/www/html/

> chcon -R -u system_u -t httpd_sys_content_t

chcon is a temporary change - to make it permanent use restorecon after:

http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html

Josh
 
Old 04-12-2011, 01:37 PM
Daniel J Walsh
 
Default Best configuration for /var/www/html/

On 04/11/2011 05:50 PM, Todd Cary wrote:
> For a long period of time, my Apache root directory has been
> /home/httpd. For security reasons, this is not so good as
> SELinux has informed me. Now all of the files have been copied
> to /var/www/etc with owner and group "root". The privileges are
> 754 (rwxr-xr--), however apache does not have access to them.
> Should the owner be apache? Group?
>
> Todd
>
Did you run restorecon -R -v /var/www


 
Old 04-12-2011, 01:56 PM
Johnny Hughes
 
Default Best configuration for /var/www/html/

On 04/11/2011 04:50 PM, Todd Cary wrote:
> For a long period of time, my Apache root directory has been
> /home/httpd. For security reasons, this is not so good as
> SELinux has informed me. Now all of the files have been copied
> to /var/www/etc with owner and group "root". The privileges are
> 754 (rwxr-xr--), however apache does not have access to them.
> Should the owner be apache? Group?
>
> Todd
>

You will need to give the user who is running the httpd daemon (apache by
default) the required access to the files.

If you have things that need to be written, you will need to give that
user (again, apache by default) write access to those files/directories.

You control who an httpd instance runs as in the httpd.conf file ...
look for User and Group in your httpd.conf file. This will tell you for
the default install:

egrep '^User|^Group' /etc/httpd/conf/httpd.conf

You will need to set user and/or group permissions on your directory as
required based on who is running the httpd daemon.

 
Old 04-12-2011, 03:02 PM
Todd Cary
 
Default Best configuration for /var/www/html/

On 4/12/2011 6:56 AM, Johnny Hughes wrote:
> On 04/11/2011 04:50 PM, Todd Cary wrote:
> > For a long period of time, my Apache root directory has been
> > /home/httpd. For security reasons, this is not so good as
> > SELinux has informed me. Now all of the files have been copied
> > to /var/www/etc with owner and group "root". The privileges are
> > 754 (rwxr-xr--), however apache does not have access to them.
> > Should the owner be apache? Group?
> >
> > Todd
>
> You will need to give the user who is running the httpd daemon (apache by
> default) the required access to the files.
>
> If you have things that need to be written, you will need to give that
> user (again, apache by default) write access to those files/directories.
>
> You control who an httpd instance runs as in the httpd.conf file ...
> look for User and Group in your httpd.conf file. This will tell you for
> the default install:
>
> egrep '^User|^Group' /etc/httpd/conf/httpd.conf
>
> You will need to set user and/or group permissions on your directory as
> required based on who is running the httpd daemon.

Thank you! Yes, httpd.conf does have the correct parameters:

#
User apache
Group apache

Since I am a "Sunday user" of Linux in that once I set it up, it may
be months before I need to do anything other than backup and run yum
update. As a result, my Linux skills are not like someone using
Linux daily (wish I did not have to earn my living in the Windows
world). So, I wanted to make sure that changing the Owner and Group
to "apache" for /var/www/ was correct.



Todd

--
Ariste Software
Petaluma, CA 94952

http://www.aristesoftware.com
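
An added example, not part of the original thread: a read-only shell audit for the two causes the replies point to, "other" permission bits that keep the apache user out of root-owned directories, and SELinux types other than httpd_sys_content_t. The function names, the sample listing and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of a web root for the two causes raised in the thread.

# DAC check. With owner and group root, httpd (user apache) is matched by the
# "other" bits: a directory needs r and x there (octal 005) to be listed and
# entered, a file needs r (octal 004) to be served. Mode 754 passes for files
# but fails for directories.
dac_blockers() {
    find "$1" -type d ! -perm -005 | sed 's/^/dir  /'
    find "$1" -type f ! -perm -004 | sed 's/^/file /'
}

# SELinux check. Reads `ls -lZ` output on stdin, finds the user:role:type
# field and prints "name type" for entries whose type differs from the wanted
# one (default: the type shown in the thread). Names with spaces not handled.
label_mismatches() {
    awk -v want="${1:-httpd_sys_content_t}" '{
        for (i = 1; i <= NF; i++)
            if (split($i, c, ":") >= 3 && c[2] ~ /_r$/) {
                if (c[3] != want) print $NF, c[3]
                next
            }
    }'
}

# Constructed sample listing (not taken from the thread's system).
sample_listing() {
    cat <<'EOF'
drwxr-xr-x  root root system_u:object_r:httpd_sys_content_t CentOS
-rwxr-xr--  root root user_u:object_r:user_home_t index.html
EOF
}

# Constructed tree: everything at mode 754, as in the original question.
make_sample_tree() {
    t=$(mktemp -d) && mkdir "$t/html" && : > "$t/html/index.html" &&
        chmod -R 754 "$t" && echo "$t"
}

tree=$(make_sample_tree)
dac_blockers "$tree"          # both directories are reported, the file is not
sample_listing | label_mismatches
rm -rf "$tree"
```

On a live system the equivalent calls are `dac_blockers /var/www/html` and `ls -lZ /var/www/html | label_mismatches`.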


