  1. #1
    Resident OCD goofball! bronze trophy Serenarules's Avatar
    Join Date
    Dec 2002
    Posts
    1,911

    Permissions and Ownership Question

    Ok, my old host had things set up where, even if a cgi file was chmodded to 777, it would run. Any new file created by this script would be owned by my personal user:group and not apache:apache. This rules out suEXEC and other wrappers. What I want to know is HOW THEY DID THIS!!! I now have my own server and everything works except this. My ftp users can't edit or delete files created by their web's cgi files. Thanks! Please say what you know, even if it sounds obvious. Like 4755, which isn't working, nor is ug+s...on their home folders.

  2. #2
    SitePoint Zealot Jedito's Avatar
    Join Date
    May 2001
    Location
    Buenos Aires / Argentina
    Posts
    151
    Hello Serena

    Do your FTP users use the same user:group as your web user?

    Regards

  3. #3
    Resident OCD goofball! bronze trophy Serenarules's Avatar

    Web vs FTP

    Well, Apache runs as apache:apache and I do NOT have any Group or User directives in their <VirtualHost> containers since I am not using any cgi wrappers, so an example user/account would be like this...

    User / Group
    user1:user1

    chowned and chrooted to...
    711 /home/user1
    755 /home/user1/public_html
    755 /home/user1/cgi-bin

    <VirtualHost *>
    ServerName user1.com
    ServerAlias www.user1.com
    ...
    DocumentRoot /home/user1/public_html
    ScriptAlias /cgi-bin/ /home/user1/cgi-bin/
    ...
    </VirtualHost>

    Their ftp root is therefore /home/user1. Is this what you meant? If not, let me know.

  4. #4
    SitePoint Zealot Jedito's Avatar
    Then the users won't have permission to modify the files created by the webserver, because the ownership of the files is different.

    I mean, if the file created by, let's say, a script is owned by apache:apache and the FTP user's identity is user1:user1, user1 doesn't have permission to modify files owned by apache:apache.

    I don't know if I was clear, if not, please let me know and I'll try to explain it again.

    Regards

  5. #5
    Resident OCD goofball! bronze trophy Serenarules's Avatar

    Exactly

    This is what I am trying to figure out. I realize files written by apache can't be modified by another user. Here is the thing though. When I had my sites hosted at Bellsouth.net, I could chmod a cgi script 777 and its output would be owned by my user, not apache. That, in itself, rules out the use of a wrapper like suEXEC or CGIWrap, because they don't allow 777 rights. So what I want to know is how they did that. The reason I need to know is because I host a friend's site, with a forum, and he needs to be able to modify some files. If it were just my stuff, I wouldn't care, as I have root.

  6. #6
    SitePoint Zealot Jedito's Avatar
    Why do you say that you can't chmod 777 using SuExec?

    Also, why would you need to chmod it 777 if you use SuExec? It won't be needed, I think.

    Regards

  7. #7
    Resident OCD goofball! bronze trophy Serenarules's Avatar
    You are correct in that 755 would be sufficient under suEXEC; however, there are several things that bug me about this. One is the dependency of suEXEC that requires the cgi-bin be a physical folder under public_html, like this...

    /home/user/public_html/cgi-bin

    I want it like this...

    /home/user/public_html
    /home/user/cgi-bin

    ...anyway, the suEXEC documentation is what states you can't chmod 777. The wrapper will refuse to run the script. You see, I am one of those people that notices things that, by all intents, shouldn't be possible, but are, and then I am driven to understand how they did it. So, assuming they didn't use a wrapper (which btw, is also required according to Apache docs before you can use Group and User statements in a virtualhost container) I want to know how they got a script that is "run" by apache, though the script itself is owned by me, to output a file that is also owned by me. They do it, I swear! I have searched and searched, and REsearched every possible avenue and I am completely stumped!!!

  8. #8
    SitePoint Zealot Jedito's Avatar
    But even if you run the script without SuExec you won't be able to chmod it to 777 and make it work.
    I'm talking about the .pl or .cgi files.
    Also, you can make the files work with SuExec at /home/username/public_html/whatever; you don't need to keep them under the cgi-bin/ folder.

    Regards

  9. #9
    Resident OCD goofball! bronze trophy Serenarules's Avatar
    That's my point. They DO make it work somehow. My old ikonboard, for example, had several scripts at 777, whose output was owned by me, not apache. Forget folder hierarchies and everything else for now. How is the above possible?

  10. #10
    Resident OCD goofball! bronze trophy Serenarules's Avatar
    Is it possible that, instead of a single httpd.conf file using virtualhost containers, they spawn new services for each domain with their own httpd.conf file? If so, and this is possible, PLEASE tell me how to do it. Thanks!

  11. #11
    SitePoint Zealot Jedito's Avatar
    I'm completely clueless now.
    I never saw a script working with 777, in like.. Hmmmm.. 6 of hosting and 2 as admin.

    About the other question: yes, you can have more than 1 apache instance working, but you'll need to make it work on a port other than 80.

    Regards

  12. #12
    Resident OCD goofball! bronze trophy Serenarules's Avatar
    Well, thanks for your input. My specialty is with MS products; I'm MS certified and have ten years' experience, but this Linux stuff is all still new to me. I seem to have a ways to go and a lot to research.

    If you want to continue this via email, you can do so at serena@serenarules.com. Thanks again!


  13. #13
    Resident OCD goofball! bronze trophy Serenarules's Avatar
    Join Date
    Dec 2002
    Posts
    1,911
    Mentioned
    26 Post(s)
    Tagged
    0 Thread(s)
    Bringing this back for a bit because I still haven't even gotten suexec configured correctly.

    First:

    My version of linux came with suexec precompiled and the right modules installed in apache, though initially disabled.

    Second:

    When I add the User and Group Directives to a VirtualHost in order to enable suexec, the correct message is written to the logs stating it has become active. However, when I try to run a script from a virtualhost, I get the message onscreen 'server misconfiguration' or some such.

    Third:

    I have completely scanned the entire inet on this. I cannot find a single good source of help on it. The apache docs have a reference to a file called ./configure, but they don't say what dir it's in. I can't locate it on my machine, nor can I seem to install the src package for apache. I am assuming that's where it is.

    So:

    Please tell me where to go for help on this and what package the configuration script is in! I really need to get this working.

    Thanks!
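
Added example, not part of the original thread: the 777 refusal discussed in post #7 and the suEXEC failure in post #13 both come down to checks the Apache suEXEC documentation lists for the target script. The sketch below audits a script against four of them (script not group/world writable, directory not group/world writable, not setuid/setgid, owner matching the vhost's User/Group); the function names `suexec_audit` and `fail` and the demo file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a CGI script against four checks documented for
# Apache suEXEC. This is not the suexec binary's own code.

# fail MESSAGE: report one failed check and remember the failure.
fail() { echo "FAIL: $*"; rc=1; }

# suexec_audit SCRIPT UID GID
# UID/GID are the numeric ids the vhost's User/Group resolve to.
# Returns 0 when every check passes, 1 otherwise.
suexec_audit() {
    script=$1; want_uid=$2; want_gid=$3; rc=0
    [ -f "$script" ] || { fail "$script is not a regular file"; return 1; }

    # "ls -ldn" prints: mode links uid gid size ...
    set -- $(ls -ldn -- "$script");                 mode=$1; uid=$3; gid=$4
    set -- $(ls -ldn -- "$(dirname -- "$script")"); dmode=$1

    # Mode string layout: t rwx rwx rwx; char 6 = group w, char 9 = other w.
    case $mode in
        ?????w*|????????w*) fail "script is group/world writable ($mode)" ;;
    esac
    case $dmode in
        ?????w*|????????w*) fail "directory is group/world writable ($dmode)" ;;
    esac
    if [ -u "$script" ] || [ -g "$script" ]; then
        fail "script is setuid or setgid"
    fi
    if [ "$uid" != "$want_uid" ] || [ "$gid" != "$want_gid" ]; then
        fail "owner $uid:$gid does not match vhost user $want_uid:$want_gid"
    fi
    return $rc
}

# Demo on a constructed file: the same script passes at 755, fails at 777.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\necho "Content-Type: text/plain"; echo; echo ok\n' > "$demo_dir/test.cgi"
set -- $(ls -ldn -- "$demo_dir/test.cgi"); me=$3; grp=$4
for m in 755 777; do
    chmod "$m" "$demo_dir/test.cgi"
    suexec_audit "$demo_dir/test.cgi" "$me" "$grp" && echo "mode $m: ok" || echo "mode $m: refused"
done
rm -rf "$demo_dir"
```

When a script fails under suEXEC, the wrapper's own log file records which check it tripped; this audit only narrows down the common permission and ownership causes beforehand.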

