Debian – permissions for multiple users in apache

apache-2.2debianfile-permissions

I am trying to setup permissions for a directory in my apache2. I am going to show a scenario so its easier to explain and understand:

This is my directory listing with permissions

 -> root:root drwxr-x--x www
      -> gasim:www-data drwxr-x--- mydomain.com
           -> drwxr-x--- gasim:www-data www
           -> drwxr-x--- gasim:www-data dev
      ... some other folders here

I am using a framework where I need to use www-data as a group because there are some write permissions etc.

I want to make the directory 'dev' have read/write permission by a group mydomain-dev
How should I approach this but still keep the group www-data. I don't want to add the user to the group www-data because it will have access to other domain folders. Maybe this approach it self is wrong. If it is, whats a better way to approach this situation

Hope i made sense.

Best Answer

You can add an extra vhost for this folder and run it with a different user:

For Linux: http://mpm-itk.sesse.net/

For (Open)Solaris: http://httpd.apache.org/docs/2.4/mod/mod_privileges.html

Related Solutions

Security – Apache service server demon priviiges (with respect to web directory structure, permissions and security)

If you're having trouble changing the group on the folder, make sure that you're root. You can't change the group of a folder or file unless you are the owner and in the group, or you're the superuser.

Ditch the admin GUI and open a shell. (Terminal, xterm, etc.)

chgrp www-data /home/morpheous/work/websites/testproject
chmod 2770 /home/morpheous/work/websites/testproject

# Set mode rwxrws--- the '2' sets the 's' sticky bit,
# which causes all files and folders created in "project"
# to inherit the same group.

(This may not be the best way to configure this specific app, but I think it's a reasonable guess. I'd also recommend moving that out of your home directory... that just complicates trying to keep your personal home directory secure while giving the webserver access to write to part of it.)

As for keeping Apache from serving up files in those directories, that's already done... your document root is defined as project/web. That only gives access to files at that point and below... the log and cache folders are already excluded.

SSH – Bad Owner or Permissions on ~/.ssh/config

I needed to have rw for user only permissions on config. This fixed it.

chmod 600 ~/.ssh/config

As others have noted below, it could be the file owner. (upvote them!)

chown $USER ~/.ssh/config

If your whole folder has invalid permissions here's a table of possible permissions:

Path	Permission
.ssh directory (code)	0700 (drwx------)
private keys (ex: `id_rsa`) (code)	0600 (-rw-------)
`config`	0600 (-rw-------)
public keys (*.pub ex: `id_rsa.pub`)	0644 (-rw-r--r--)
`authorized_keys` (code)	0644 (-rw-r--r--)
`known_hosts`	0644 (-rw-r--r--)

Sources:

openssh check-perm.c
openssh readconf.c
openssh ssh_user_config fix_authorized_keys_perms

Best Answer

Related Solutions

Security – Apache service server demon priviiges (with respect to web directory structure, permissions and security)

SSH – Bad Owner or Permissions on ~/.ssh/config

Related Topic