olaf
Mon 11 June 2007, 03:28 pm GMT +0300
Hi,
just noticed that my server's apache doesn't have write permissions to folders inside the public_html folder.
is it safe change the permission for Apache and if yes how?
Thanks
Nikolas
Mon 11 June 2007, 08:18 pm GMT +0300
I don't know which is the common technique to that, but I personally give ownership to the whole www directory to the account nobody:nogroup
This way both Apache and the cgi services can write with no problems.
olaf
Mon 11 June 2007, 08:57 pm GMT +0300
is there a way to automate this?
Nikolas
Mon 11 June 2007, 09:11 pm GMT +0300
First you need to run this command in console :
chown nobody:nogroup -R /path/to/htdocs
Then you can use this directive in httpd.conf:
User nobody
Group nogroup
olaf
Mon 11 June 2007, 11:17 pm GMT +0300
I use this config in my account template?
User nobody
Group nogroup
Nikolas
Mon 11 June 2007, 11:53 pm GMT +0300
I am not sure what you mean "account template" but this is the rule that should be in the httpd.conf file, and I don't think it is a rule that can be applied through .htaccess or something else.
olaf
Tue 12 June 2007, 12:09 am GMT +0300
I am not sure what you mean "account template" but this is the rule that should be in the httpd.conf file, and I don't think it is a rule that can be applied through .htaccess or something else.
OK I understand, this setting is for all hosting accounts, is there a place I need to add this setting?
Nikolas
Tue 12 June 2007, 09:25 am GMT +0300
It is in the "section 2" of the configuration file. BTW now I see it again the correct way to use it is like this :
<IfModule !mpm_winnt.c>
<IfModule !mpm_netware.c>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
# . On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
# when the value of (unsigned)Group is above 60000;
# don't use Group #-1 on these systems!
#
User nobody
Group nogroup
</IfModule>
</IfModule>
olaf
Tue 12 June 2007, 09:30 am GMT +0300
:( I have a modified http conf file (Directadmin), but I guess I can add the whole rule...
Nikolas
Tue 12 June 2007, 09:33 am GMT +0300
Of course you can ;)
Be sure to restart apache then :)