RE: [expert] Virtual Hosting Question
>For your example, I think this will work for you
> grep /home/ /home/scott/homedirpass \
> | awk -F: '{ print $1 " " $4; }' \
> | while read pwuser pwgid ; do \
> [ -d ~$pwuser ] || ( chown -R $pwuser.$pwgid
~$pwuser ) \
> done
Dan-
I was able to get it working, thank you! I had to add a /home in front
of
$pwuser after the chown!
Thanks again.
-Scott
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.391 / Virus Database: 222 - Release Date: 9/19/2002
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Re: [expert] Virtual Hosting Question
Scott,
> At 05:08 PM 9/23/2002 -0700, you wrote:
> > ls -R | grep ":$" | sed 's#:$##' | awk '{print "\""$0"\""}' | xargs
> > chmod g+s
>
> Could I use something like this to set the proper ownership of a directory as
> well?
>
> I have copied all the user accounts from the BSDI machine to the Mandrake
> box, then I used a shell script to set the proper ownership of the directories,
> but I need to go in and set the sub directories. Here is the base script I am
> working off of, but I don't think it likes the -R option.
>
> grep /home/ /home/scott/homedirpass | awk -F: '{ print $1 " " $4 " " $6
> ; }' \
>| while read pwuser pwgid pwhome ; do
> [ -d $pwhome ] || ( chown $pwuser:$pwgid $pwhome )
> done
>
> homedirpass is a copy of the Linux passwd file after I ran the script to
> convert the accounts to the new machine.
For ownership, it is much simpler to use the -R option
chown -R owner.group directory
For file permission, that gets trickier because directories and
executables need the 'x' bit set. But for regular files, use
chmod -R 640 directory
and then fix directories by using
find directory -type d -exec chmod 750 {} \;
For your example, I think this will work for you
grep /home/ /home/scott/homedirpass \
| awk -F: '{ print $1 " " $4; }' \
| while read pwuser pwgid ; do \
[ -d ~$pwuser ] || ( chown -R $pwuser.$pwgid ~$pwuser ) \
done
Thanks... Dan.
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Re: [expert] Virtual Hosting Question
At 05:08 PM 9/23/2002 -0700, you wrote:
> ls -R | grep ":$" | sed 's#:$##' | awk '{print "\""$0"\""}' | xargs
> chmod g+s
Could I use something like this to set the proper ownership of a directory as
well?
I have copied all the user accounts from the BSDI machine to the Mandrake
box, then I used a shell script to set the proper ownership of the directories,
but I need to go in and set the sub directories. Here is the base script I am
working off of, but I don't think it likes the -R option.
grep /home/ /home/scott/homedirpass | awk -F: '{ print $1 " " $4 " " $6
; }' \
| while read pwuser pwgid pwhome ; do
[ -d $pwhome ] || ( chown $pwuser:$pwgid $pwhome )
done
homedirpass is a copy of the Linux passwd file after I ran the script to
convert the accounts to the new machine.
Thanks,
-Scott
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.391 / Virus Database: 222 - Release Date: 9/19/2002
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Re: [expert] Virtual Hosting Question
Daniel Woods wrote on Tue, Sep 24, 2002 at 01:58:42PM -0600 :
>
> > > find /var/www -type d -exec chmod g+s {} \;
> > Does it work if the directory name or path contains spaces? I am unable
> > to test at the moment (short on time).
> Yes.
I tested and verified that it does work. But I have one comment about
what you posted below:
> # mkdir '/tmp/test with spaces'
> # find /tmp -type d -exec echo {} \;
> .
> ./.font-unix
> ./BACKUP
> ./BACKUP/SQL
> ./kde-dwoods
> ./.ICE-unix
> ./test with spaces
What you have done here does not prove the test. I get the same results
by doing:
echo "dir owned by todd"
echo dir owned by todd
> # rm -rf '/tmp/test with spaces'
See how you had to put quotes around the path? That's what my awk did.
I had to do that because the following are not identical because the
space is normally an argument delimiter:
rm -rf "/tmp/test with spaces"
rm -rf /tmp/test with spaces
And after testing, I verified that the find command when it replaces the
{} argument with the value that it is currently processing, it does in
fact quote it, so that answers my question:
[root@fiji ~]# mkdir dir1
[root@fiji ~]# cd dir1
[root@fiji ~/dir1]# mkdir "this is a test"
[root@fiji ~/dir1]# mkdir "this is test 2"
[root@fiji ~/dir1]# mkdir ouch
[root@fiji ~/dir1]# cd ..
[root@fiji ~]# find dir1 -type d -exec chmod g+s {}
find: missing argument to `-exec'
[root@fiji ~]# find dir1 -type d -exec chmod g+s {} \;
[root@fiji ~]# vdir dir1
total 12
drwxr-sr-x2 root root 4096 Sep 24 14:51 ouch
drwxr-sr-x2 root root 4096 Sep 24 14:51 this\ is\ a\
test
drwxr-sr-x2 root root 4096 Sep 24 14:51 this\ is\ test\ 2
Thanks for the command and thanks for making me think about it thanks
for letting me verbalize what was going through my head.
I actually did try to use the find command originally, but I kept
getting that damned "missing argument to -exec" error message. I am an
idiot sometimes. I forgot all about escaping the ; at the end. :(
Blue skies... Todd
--
MandrakeSoft USA http://www.mandrakesoft.com
Mandrake: An amalgam of good ideas from RedHat, Debian, and MandrakeSoft.
All in all, IMHO, an unbeatable combination. --Levi Ramsey on Cooker ML
Cooker Version mandrake-release-9.0-0.3mdk Kernel 2.4.19-12mdk
msg58026/pgp0.pgp
Description: PGP signature
Re: [expert] Virtual Hosting Question
> Daniel Woods wrote on Tue, Sep 24, 2002 at 10:46:22AM -0600 :
> >
> > > all the directories and set the sgid bit. But a oneline bash command
> > > will do it for you:
> > > ls -R | grep ":$" | sed 's#:$##' | awk '{print "\""$0"\""}' | xargs chmod g+s
> > > Work through the logic and it will start to make sense. The awk
> > > statement is included for the sole purpose of putting quotes around the
> > > name incase it contains spaces or funky characters.
> > Although I think this would be much cleaner to use...
> > find /var/www -type d -exec chmod g+s {} \;
>
> Does it work if the directory name or path contains spaces? I am unable
> to test at the moment (short on time).
Yes.
# mkdir '/tmp/test with spaces'
# find /tmp -type d -exec echo {} \;
.
./.font-unix
./BACKUP
./BACKUP/SQL
./kde-dwoods
./.ICE-unix
./test with spaces
# rm -rf '/tmp/test with spaces'
Thanks... Dan.
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Re: [expert] Virtual Hosting Question
At 05:08 PM 9/23/2002 -0700, you wrote: >Assuming that you use user apache and group apache to run the webserver: > chmod -R 750 /usr/www > chgrp -R apache /usr/www > chmod g+s /usr/www > chmod g+s /usr/www/* >But you better make damn sure that apache can read those files before >you consider yourself done. Thank you! I am also going to test the response of PHP pages with this config. -Scott --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.391 / Virus Database: 222 - Release Date: 9/19/2002 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Virtual Hosting Question
Daniel Woods wrote on Tue, Sep 24, 2002 at 10:46:22AM -0600 :
>
> > all the directories and set the sgid bit. But a oneline bash command
> > will do it for you:
> > ls -R | grep ":$" | sed 's#:$##' | awk '{print "\""$0"\""}' | xargs chmod g+s
> > Work through the logic and it will start to make sense. The awk
> > statement is included for the sole purpose of putting quotes around the
> > name incase it contains spaces or funky characters.
> Although I think this would be much cleaner to use...
> find /var/www -type d -exec chmod g+s {} \;
Does it work if the directory name or path contains spaces? I am unable
to test at the moment (short on time).
Blue skies... Todd
--
MandrakeSoft USA http://www.mandrakesoft.com
Never take no as an answer from someone who's not authorized to say yes.
--Ben Reser on Cooker ML
Cooker Version mandrake-release-9.0-0.3mdk Kernel 2.4.19-12mdk
msg58018/pgp0.pgp
Description: PGP signature
Re: [expert] Virtual Hosting Question
> Any new subdirectories created by the users will automatically have the
> sgid bit set. Unfortunately, it's not simple to automatically recurse
> all the directories and set the sgid bit. But a oneline bash command
> will do it for you:
> ls -R | grep ":$" | sed 's#:$##' | awk '{print "\""$0"\""}' | xargs chmod g+s
>
> Work through the logic and it will start to make sense. The awk
> statement is included for the sole purpose of putting quotes around the
> name incase it contains spaces or funky characters.
Although I think this would be much cleaner to use...
find /var/www -type d -exec chmod g+s {} \;
Thanks... Dan.
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Re: [expert] Virtual Hosting Question
Hi, try setting the files to 600. That makes them specifically viewable to one user. In case of perl scripts, etc, you might want 700 instead. - Original Message - From: Scott <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, September 23, 2002 7:35 PM Subject: [expert] Virtual Hosting Question > I am hosting about 100 web sites on a Mandrake 8.2 server and have a best > practices question regarding the directories. > > I have them set up as follows: > /usr/www/site1 > /usr/www/site2 > etc > > Most of the sites are ones that the user updates themselves. When I > create an account for them I use the web space for their home directory so > when they log in they are right in the directory. My question's are: > 1)Is this cool or something lame I learned the wrong way > 2)What do you set the web files to in order to protect them from wandering > eyes? Most users just use something like CuteFTP and drop the files, but > if someone wanted to log into the box they could wander and read other web > sites code. > Any suggestions welcome. > > Thanks in advance. > > -Scott > > > > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com > Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Virtual Hosting Question
Scott wrote on Mon, Sep 23, 2002 at 07:35:12PM -0400 :
>
> Most of the sites are ones that the user updates themselves. When I
> create an account for them I use the web space for their home directory so
> when they log in they are right in the directory. My question's are:
> 1)Is this cool or something lame I learned the wrong way
Sounds good.
> 2)What do you set the web files to in order to protect them from wandering
> eyes? Most users just use something like CuteFTP and drop the files, but
> if someone wanted to log into the box they could wander and read other web
> sites code.
Assuming that you use user apache and group apache to run the webserver:
chmod -R 750 /usr/www
chgrp -R apache /usr/www
chmod g+s /usr/www
chmod g+s /usr/www/*
But you better make damn sure that apache can read those files before
you consider yourself done.
What this does is make mode 750 for all files and directories under and
include /usr/www (750 is rwxr-x---). Then make group apache be the
owner of all files and directories. Then (this is the magic), set the
sgid bit of the directory /usr/www. Since it's owned by group apache,
the sgid bit being set on the directory makes any file that is created
be owned by group apache (and of course, the user who created it).
Any new subdirectories created by the users will automatically have the
sgid bit set. Unfortunately, it's not simple to automatically recurse
all the directories and set the sgid bit. But a oneline bash command
will do it for you:
ls -R | grep ":$" | sed 's#:$##' | awk '{print "\""$0"\""}' | xargs chmod g+s
Work through the logic and it will start to make sense. The awk
statement is included for the sole purpose of putting quotes around the
name incase it contains spaces or funky characters.
Blue skies... Todd
--
| MandrakeSoft USA | Security is like an onion. It's made |
| http://www.mandrakesoft.com | made up of several layers and makes |
| http://www.mandrakelinux.com | you cry. --Howard Chu|
Cooker Version mandrake-release-9.0-0.3mdk Kernel 2.4.19-12mdk
msg57974/pgp0.pgp
Description: PGP signature
