httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bremser, Kurt (AMOS Austria GmbH)" <Kurt.Brem...@allianz.at>
Subject AW: [users@httpd] Change user for Apache web server to a non-privileged user? [wd-vc]
Date Wed, 14 Sep 2016 12:42:59 GMT
The simplest thing is to to log on to the server with http-web (do a sudo su - http-web) and
then navigate there to see where you fail. Also be sure that DocumentRoot from the httpd.conf
points to a subdirectory of /opt/fpp/www.

Kurt Bremser
AMOS Austria

Newton was wrong. There is no gravity. The Earth sucks.
________________________________________
Von: Tom Hammond [tominohio@gmail.com]
Gesendet: Mittwoch, 14. September 2016 14:30
An: users@httpd.apache.org
Betreff: Re: [users@httpd] Change user for Apache web server to a non-privileged user? [wd-vc]

Hi Kurt,

Thanks for the reply!  May you provide the command that properly adds read/execute permissions
to DocumentRoot at /opt/fpp/www   I am new to learning Linux and could use some help.  :)

Thanks agian,
Tom


On Wed, Sep 14, 2016 at 8:26 AM, Bremser, Kurt (AMOS Austria GmbH) <Kurt.Bremser@allianz.at<mailto:Kurt.Bremser@allianz.at>>
wrote:
Looks like http-web misses read/execute permissions on your DocumentRoot directory.

Kurt Bremser
AMOS Austria

Newton was wrong. There is no gravity. The Earth sucks.
________________________________________
Von: Tom Hammond [tominohio@gmail.com<mailto:tominohio@gmail.com>]
Gesendet: Mittwoch, 14. September 2016 14:16
An: users@httpd.apache.org<mailto:users@httpd.apache.org>
Betreff: [users@httpd] Change user for Apache web server to a non-privileged user? [wd-vc]

Hello everyone,

I have an Apache 2.2x server and would like to harden security so that hackers can't get in
easily to the Apache webserver.  One suggestion is to change the user/group for Apache to
a non-privileged account.

Currently the user "fpp" is the default user for Apache which has access to the operating
system via sudo commands.

I entered these commands to create a non-privileged account:
sudo groupadd http-web
sudo useradd -d /opt/fpp/www/ -g http-web http-web

I then edited /etc/apache2/envvars to change these lines:
export APACHE_RUN_USER=http-web
export APACHE_RUN_GROUP=http-web

I also ran this command to change user/group permissions on this folder:
sudo chown -R http-web:http-web /var/lock/apache2/
sudo chown -R http-web:http-web /opt/fpp/www

Finally, I restarted the Apache service with this command:
sudo service apache2 restart

When I try to access the website on this server, I receive the following message:


Forbidden: You don't have permission to access / on this server.


I've been scouring the Internet trying to figure out how to switch the default "fpp" Apache
user to a non-privileged account and can't figure it out. Can someone shed some light on this?

Thanks!
Tom

AMOS Austria GmbH
1130 Wien, Hietzinger Kai 101-105
FN 365014k, Handelsgericht Wien
UID: ATU 66614737

http://www.allianz.at

********************************************************
Dieses E-Mail und allfaellig daran angeschlossene Anhaenge
enthalten Informationen, die vertraulich und
ausschliesslich fuer den (die) bezeichneten Adressaten
bestimmt sind.
Wenn Sie nicht der genannte Adressat sind, darf dieses
E-Mail samt allfaelliger Anhaenge von Ihnen weder anderen
Personen zugaenglich gemacht noch in anderer Weise
verwertet werden.
Wenn Sie nicht der beabsichtigte Empfaenger sind, bitten
wir Sie, dieses E-Mail und saemtliche angeschlossene
Anhaenge zu loeschen.

Please note: This email and any files transmitted with it is
intended only for the named recipients and may contain
confidential and/or privileged information. If you are not the
intended recipient, please do not read, copy, use or disclose
the contents of this communication to others and notify the
sender immediately. Then please delete the email and any
copies of it. Thank you.
********************************************************

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org<mailto:users-unsubscribe@httpd.apache.org>
For additional commands, e-mail: users-help@httpd.apache.org<mailto:users-help@httpd.apache.org>



AMOS Austria GmbH 
1130 Wien, Hietzinger Kai 101-105 
FN 365014k, Handelsgericht Wien 
UID: ATU 66614737 

http://www.allianz.at 

******************************************************** 
Dieses E-Mail und allfaellig daran angeschlossene Anhaenge 
enthalten Informationen, die vertraulich und 
ausschliesslich fuer den (die) bezeichneten Adressaten 
bestimmt sind. 
Wenn Sie nicht der genannte Adressat sind, darf dieses 
E-Mail samt allfaelliger Anhaenge von Ihnen weder anderen 
Personen zugaenglich gemacht noch in anderer Weise 
verwertet werden.
Wenn Sie nicht der beabsichtigte Empfaenger sind, bitten
wir Sie, dieses E-Mail und saemtliche angeschlossene
Anhaenge zu loeschen. 

Please note: This email and any files transmitted with it is 
intended only for the named recipients and may contain 
confidential and/or privileged information. If you are not the 
intended recipient, please do not read, copy, use or disclose 
the contents of this communication to others and notify the 
sender immediately. Then please delete the email and any 
copies of it. Thank you.
********************************************************

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message