A Thanks for the input.
I found www-data in both the /etc/passwd and /etc/group files, so I assume there is in fact a www-data user and a www-data group. Restarting or reloading the apache server seemed to apply the changes made to the /etc/group file... ie grant the www-data user rgeddes group permissions. R Adam Martin wrote: > > Richard, > > > > I’m new to the group and thought I’d take a crack at this one. Is > www-data a user or group? From the end of your email it sounds like a > user since you added it to the rgeddes group but I am a little > confused when you changed the group from rgeddes to www-data in the > middle of your example. If it is a group then I don’t believe you can > add a group to another group in the /etc/group file. > > > > If it is a user I did a quick test one of our servers to verify but I > don’t believe the adding of a user to a group is dynamic. In order > for the new group assignment to take affect I had to log out and log > in as the test user for the id command to reflect the change. You > didn’t mention it in your email but did you try and restart your > server after adding the www-data user to the rgeddes group? > > > > My apologies if I am misunderstanding your question. > > > > ------------------------------------------------------------------------ > > *From:* Richard Geddes [mailto:[EMAIL PROTECTED] > *Sent:* Tuesday, February 26, 2008 10:08 AM > *To:* users@httpd.apache.org > *Subject:* Re: [EMAIL PROTECTED] Question on permissions > > > > Thanks for the response. > > I set up a directory under the main DocumentRoot called test > > drwxr-xr-x 2 rgeddes rgeddes 80 2008-02-18 15:18 test > > and it appeared in a directory listing in the webpage of my main > DocumentRoot. > > Changed permissions as follows: > > drwxr-x--- 2 rgeddes rgeddes 80 2008-02-18 15:18 test > > and test disappears from the webpage (this makes sense) > > changed group as follows: > > drwxr-x--- 2 rgeddes www-data 80 2008-02-18 15:18 test > > and test appears in the webpage (this makes sense) as the servers are > running as www-data. > > Now if I change the group back to: > > drwxr-x--- 2 rgeddes rgeddes 80 2008-02-18 15:18 test > > and I add www-data to the rgeddes group in /etc/group, the directory > fails to show up. This does not make sense to me as www-data is part > of the rgeddes group and rgeddes has r-x permissions. > > Is there a reason why www-data is not being granted rgeddes group > permissions? > > Thanks > Richard > > > Joshua Slive wrote: > > On Mon, Feb 25, 2008 at 12:59 AM, Richard Geddes > <[EMAIL PROTECTED]> <mailto:[EMAIL PROTECTED]> wrote: > >> Hello, >> >> I'm using apache 2.2 on Ubuntu 7.10 setting up name-based virtual >> hosting . The apache servers servicing requests run as www-data. >> >> The idea is to allow users to make their own websites under their home >> directories, and for the admin to symlink the users' DocumentRoot >> directories below main DocumentRoot directory, and have the apache >> configuration file with <VirtualHost> sections direct the http requests >> appropriately. >> >> I got this to work correctly, but I had to set the 'other' execution bit >> for directories that lead to the users symlinked directory. This means >> that users will have execute permissions on each others' directories, >> but I want to keep the users strictly separated from each other.... I >> think the FAQ suggests this, if I'm not mistaken, but I think there is a >> security issue here. >> > > Having world-executable (searchable, really) home directories is not > an uncommon configuration. Yes, your users need to be a little more > careful about the permissions of stuff inside their home directories, > but that isn't such a big deal. > > Alternatively, do the symlink in the other direction: put the > directories under DocumentRoot and include a symlink in the home > directories pointing to the correct location so your users know what > to edit. > > Joshua. > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> > <http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > " from the digest: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > >
