httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Hammond <tomino...@gmail.com>
Subject Re: [users@httpd] Change user for Apache web server to a non-privileged user? [wd-vc]
Date Wed, 14 Sep 2016 12:30:06 GMT
Hi Kurt,

Thanks for the reply!  May you provide the command that properly adds
read/execute permissions to DocumentRoot at /opt/fpp/www   I am new to
learning Linux and could use some help.  :)

Thanks agian,
Tom


On Wed, Sep 14, 2016 at 8:26 AM, Bremser, Kurt (AMOS Austria GmbH) <
Kurt.Bremser@allianz.at> wrote:

> Looks like http-web misses read/execute permissions on your DocumentRoot
> directory.
>
> Kurt Bremser
> AMOS Austria
>
> Newton was wrong. There is no gravity. The Earth sucks.
> ________________________________________
> Von: Tom Hammond [tominohio@gmail.com]
> Gesendet: Mittwoch, 14. September 2016 14:16
> An: users@httpd.apache.org
> Betreff: [users@httpd] Change user for Apache web server to a
> non-privileged user? [wd-vc]
>
> Hello everyone,
>
> I have an Apache 2.2x server and would like to harden security so that
> hackers can't get in easily to the Apache webserver.  One suggestion is to
> change the user/group for Apache to a non-privileged account.
>
> Currently the user "fpp" is the default user for Apache which has access
> to the operating system via sudo commands.
>
> I entered these commands to create a non-privileged account:
> sudo groupadd http-web
> sudo useradd -d /opt/fpp/www/ -g http-web http-web
>
> I then edited /etc/apache2/envvars to change these lines:
> export APACHE_RUN_USER=http-web
> export APACHE_RUN_GROUP=http-web
>
> I also ran this command to change user/group permissions on this folder:
> sudo chown -R http-web:http-web /var/lock/apache2/
> sudo chown -R http-web:http-web /opt/fpp/www
>
> Finally, I restarted the Apache service with this command:
> sudo service apache2 restart
>
> When I try to access the website on this server, I receive the following
> message:
>
>
> Forbidden: You don't have permission to access / on this server.
>
>
> I've been scouring the Internet trying to figure out how to switch the
> default "fpp" Apache user to a non-privileged account and can't figure it
> out. Can someone shed some light on this?
>
> Thanks!
> Tom
>
> AMOS Austria GmbH
> 1130 Wien, Hietzinger Kai 101-105
> FN 365014k, Handelsgericht Wien
> UID: ATU 66614737
>
> http://www.allianz.at
>
> ********************************************************
> Dieses E-Mail und allfaellig daran angeschlossene Anhaenge
> enthalten Informationen, die vertraulich und
> ausschliesslich fuer den (die) bezeichneten Adressaten
> bestimmt sind.
> Wenn Sie nicht der genannte Adressat sind, darf dieses
> E-Mail samt allfaelliger Anhaenge von Ihnen weder anderen
> Personen zugaenglich gemacht noch in anderer Weise
> verwertet werden.
> Wenn Sie nicht der beabsichtigte Empfaenger sind, bitten
> wir Sie, dieses E-Mail und saemtliche angeschlossene
> Anhaenge zu loeschen.
>
> Please note: This email and any files transmitted with it is
> intended only for the named recipients and may contain
> confidential and/or privileged information. If you are not the
> intended recipient, please do not read, copy, use or disclose
> the contents of this communication to others and notify the
> sender immediately. Then please delete the email and any
> copies of it. Thank you.
> ********************************************************
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message