Re: [CentOS] apache docroot permissions

2011-05-05 Thread Johan Martinez
On Wed, May 4, 2011 at 7:38 PM, Gordon Messmer wrote: > On 05/04/2011 12:49 PM, Johan Martinez wrote: > > Thanks for the suggestions Richard and Kenneth. I installed drupal here > > and it requires user running apache to have write access on filesystem. > > Otherwise it complains: 'The directory

Re: [CentOS] apache docroot permissions

2011-05-04 Thread Gordon Messmer
On 05/04/2011 12:49 PM, Johan Martinez wrote: > Thanks for the suggestions Richard and Kenneth. I installed drupal here > and it requires user running apache to have write access on filesystem. > Otherwise it complains: 'The directory sites/default/files is not > writable'. The content editors/deve

Re: [CentOS] apache docroot permissions

2011-05-04 Thread Stephen Harris
On Thu, May 05, 2011 at 12:31:15AM +0200, Kai Schaetzl wrote: > Kenneth Porter wrote on Wed, 04 May 2011 14:12:32 -0700: > > > Make the writable directories SGID and any files and subdirectories created > > there will inherit the group ownership: > > AFAIK, this works on Unix, but not on Linux.

Re: [CentOS] apache docroot permissions

2011-05-04 Thread Kai Schaetzl
Kenneth Porter wrote on Wed, 04 May 2011 14:12:32 -0700: > Make the writable directories SGID and any files and subdirectories created > there will inherit the group ownership: AFAIK, this works on Unix, but not on Linux. On Linux you have to use ACLs, as Johnny already pointed to. Kai

Re: [CentOS] apache docroot permissions

2011-05-04 Thread Kenneth Porter
On Wednesday, May 04, 2011 10:49 PM +0200 Kai Schaetzl wrote: > b) have all php files owned by a user and the write area writable by > apache but owned by the user (*) > (*) this doesn't work if you create subdirectories because they get the > wrong permissions and apache can't pass thru Mak

Re: [CentOS] apache docroot permissions

2011-05-04 Thread Kai Schaetzl
Johan Martinez wrote on Wed, 4 May 2011 14:49:52 -0500: > Thanks for the suggestions Richard and Kenneth. I installed drupal here and > it requires user running apache to have write access on filesystem. Assuming you are running mod_php and safe_mode: that is probably because of PHP safe_mode. Y

Re: [CentOS] apache docroot permissions

2011-05-04 Thread Johnny Hughes
On 05/04/2011 02:49 PM, Johan Martinez wrote: > > > On Wed, May 4, 2011 at 12:58 PM, Kenneth Porter > wrote: > > User apache only needs read access except under special conditions, > such as > a script that needs to store configuration in a file. And a

Re: [CentOS] apache docroot permissions

2011-05-04 Thread Johan Martinez
On Wed, May 4, 2011 at 12:58 PM, Kenneth Porter wrote: > User apache only needs read access except under special conditions, such as > a script that needs to store configuration in a file. And a lot of apps > store their state in a DB so they don't need filesystem write access at > all. > > Set th

Re: [CentOS] apache docroot permissions

2011-05-04 Thread Kenneth Porter
User apache only needs read access except under special conditions, such as a script that needs to store configuration in a file. And a lot of apps store their state in a DB so they don't need filesystem write access at all. Set the permissions as strict as possible, so that if an attacker find

[CentOS] apache docroot permissions

2011-05-04 Thread Johan Martinez
I have a group of users (content editors) who need read-write access to apache document root. The apache web server is running as user:apache and group:apache. The filesystem permissions are currently set as apache:apache. How should I modify filesystem permission so that content editors can have r