Re: Can't get Apache httpd.conf permissions correct

On Mon, 23 Jul 2007 01:28:39 +0000, Phil Latio wrote:

I have the following setup:

2 users:
- user1
- user2

Each user has his own directory
- /home/user1
- /home/user2

Each user has one tld
- user1 owns domain1.com
- user2 owns domain2.com

If I set httpd.conf to the following, . User: user1
Group: apache
only user1 website's is visable

If I set httpd.conf to the following: User: user2
Group: apache
only user2 website's is visable.

If I set httpd.conf to the following: User: apache
Group: apache
neither website's is visable.

- I have tried making both user1 and user2 members of the Group "apache"
but that makes no difference.
- I have tried changing the ownership of all the files and directories of
both /home/user1 and /home/user2 to the Group "apache" but no luck.

So the question is what do I have to set in in httpd.conf (or elsewhere)
to enable both both user1 and user2 websites don't get Error 403
forbidden?

Firstly don't run apache as a regular user, it's a security risk. Run it
as its own user, and ensure that this has no rights to damage anything in
the system, or as "nobody".

Ensure that the apache user has read access to all files it needs. This
includes having "execute" access to the directories containing them - I
suspect that this may be what you are missing. Normally this is done by
granting global read/execute access to the files in question. If you want
to do it using group access and not have the files globally readable
(although I can't think why you would want to, when they can be accessed
via the web server anyway) the files will have to belong to the "apache"
group.

Regards, Ian
.

Relevant Pages

  • Cant get Apache httpd.conf permissions correct
    ... Each user has one tld ... user1 owns domain1.com ... user2 owns domain2.com ... Group: apache ...
    (uk.comp.os.linux)
  • RE: dirty reada to committed read
    ... page then user1 is locking the whole page therefore user2 get a lock error ... I have tried setting Isolation Level to Dirty Read, ... The only isolation level that has an impact on updates and deletes is ...
    (comp.databases.informix)
  • Re: grant on a specified table to a user
    ... There is user1 with tablespace user1_tablespace and there is also ... So, I create user2 and let him use the same tablespace as user1, ie. ... GRANT CREATE SESSION,CREATE TABLE TO USER1; ...
    (comp.databases.oracle.server)
  • Re: can someone explain me why this does not work?
    ... user1 belongs to the role manager; user2 not. ... then a URL authorization check is performed to determine whether ... Because user2 is not in the role for page1, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: AdminSDHolder thread - How can I block??
    ... a user who's a domain admin ... > wishes to grant another user (User2) "send as" permissions on his ... > User1 in effective removed from the ACL of User1. ... > be to add "send as" permissions for User2 to the AdminSDHolder ...
    (microsoft.public.win2000.active_directory)