httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Smith" <g...@primeexalia.com>
Subject RE: [users@httpd] Virtual hosting user problem
Date Fri, 16 Apr 2004 02:33:26 GMT
Makes sense.  Maybe for the logs directory it will be owned by root.root
chmod 744.  For the www directory it will be owned by client.nobody
chmod 704 (apache is other so it can still read).  The hidden file in
the www directory will be owned by root.root 444.  This should be secure
enough to stop them from deleting their directories and still allow
apache to run properly.

They don't have to have write access to the logs but they do have to
have private read access to them.  They currently FTP the log files
daily and will continue to need to do so. 

Thanks for all of the help guys.  I have received a lot of help today.

Gary



-----Original Message-----
From: Joshua Slive [mailto:joshua@slive.ca] 
Sent: Thursday, April 15, 2004 4:39 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Virtual hosting user problem


On Thu, 15 Apr 2004, Gary Smith wrote:

> The logs for the base web server are secured but each of the users
logs
> are dropped in a directory under /home/client/website/logs.  This way
> then can read them as much as they want.  The logs are still owned by
> root.root but it allows me to let the client do as they will with the
> data.  It makes sense that the service wouldn't start because of a log
> issue.  I remember a problem that I had when I deleted the
/var/logs/www
> directory in dev some time ago.

Logs in a non-root writable directory is a *bad* idea, as the security
docs say.  Any user who controls such a directory can likely take over
root.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message