Richard,
I'm new to the group and thought I'd take a crack at this one. Is www-data a user or group? From the end of your email it sounds like a user since you added it to the rgeddes group but I am a little confused when you changed the group from rgeddes to www-data in the middle of your example. If it is a group then I don't believe you can add a group to another group in the /etc/group file. If it is a user I did a quick test one of our servers to verify but I don't believe the adding of a user to a group is dynamic. In order for the new group assignment to take affect I had to log out and log in as the test user for the id command to reflect the change. You didn't mention it in your email but did you try and restart your server after adding the www-data user to the rgeddes group? My apologies if I am misunderstanding your question. ________________________________ From: Richard Geddes [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 26, 2008 10:08 AM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Question on permissions Thanks for the response. I set up a directory under the main DocumentRoot called test drwxr-xr-x 2 rgeddes rgeddes 80 2008-02-18 15:18 test and it appeared in a directory listing in the webpage of my main DocumentRoot. Changed permissions as follows: drwxr-x--- 2 rgeddes rgeddes 80 2008-02-18 15:18 test and test disappears from the webpage (this makes sense) changed group as follows: drwxr-x--- 2 rgeddes www-data 80 2008-02-18 15:18 test and test appears in the webpage (this makes sense) as the servers are running as www-data. Now if I change the group back to: drwxr-x--- 2 rgeddes rgeddes 80 2008-02-18 15:18 test and I add www-data to the rgeddes group in /etc/group, the directory fails to show up. This does not make sense to me as www-data is part of the rgeddes group and rgeddes has r-x permissions. Is there a reason why www-data is not being granted rgeddes group permissions? Thanks Richard Joshua Slive wrote: On Mon, Feb 25, 2008 at 12:59 AM, Richard Geddes <[EMAIL PROTECTED]> <mailto:[EMAIL PROTECTED]> wrote: Hello, I'm using apache 2.2 on Ubuntu 7.10 setting up name-based virtual hosting . The apache servers servicing requests run as www-data. The idea is to allow users to make their own websites under their home directories, and for the admin to symlink the users' DocumentRoot directories below main DocumentRoot directory, and have the apache configuration file with <VirtualHost> sections direct the http requests appropriately. I got this to work correctly, but I had to set the 'other' execution bit for directories that lead to the users symlinked directory. This means that users will have execute permissions on each others' directories, but I want to keep the users strictly separated from each other.... I think the FAQ suggests this, if I'm not mistaken, but I think there is a security issue here. Having world-executable (searchable, really) home directories is not an uncommon configuration. Yes, your users need to be a little more careful about the permissions of stuff inside their home directories, but that isn't such a big deal. Alternatively, do the symlink in the other direction: put the directories under DocumentRoot and include a symlink in the home directories pointing to the correct location so your users know what to edit. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> <http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
