Hi Kurt, Thanks for the reply! May you provide the command that properly adds read/execute permissions to DocumentRoot at /opt/fpp/www I am new to learning Linux and could use some help. :)
Thanks agian, Tom On Wed, Sep 14, 2016 at 8:26 AM, Bremser, Kurt (AMOS Austria GmbH) < kurt.brem...@allianz.at> wrote: > Looks like http-web misses read/execute permissions on your DocumentRoot > directory. > > Kurt Bremser > AMOS Austria > > Newton was wrong. There is no gravity. The Earth sucks. > ________________________________________ > Von: Tom Hammond [tomino...@gmail.com] > Gesendet: Mittwoch, 14. September 2016 14:16 > An: users@httpd.apache.org > Betreff: [users@httpd] Change user for Apache web server to a > non-privileged user? [wd-vc] > > Hello everyone, > > I have an Apache 2.2x server and would like to harden security so that > hackers can't get in easily to the Apache webserver. One suggestion is to > change the user/group for Apache to a non-privileged account. > > Currently the user "fpp" is the default user for Apache which has access > to the operating system via sudo commands. > > I entered these commands to create a non-privileged account: > sudo groupadd http-web > sudo useradd -d /opt/fpp/www/ -g http-web http-web > > I then edited /etc/apache2/envvars to change these lines: > export APACHE_RUN_USER=http-web > export APACHE_RUN_GROUP=http-web > > I also ran this command to change user/group permissions on this folder: > sudo chown -R http-web:http-web /var/lock/apache2/ > sudo chown -R http-web:http-web /opt/fpp/www > > Finally, I restarted the Apache service with this command: > sudo service apache2 restart > > When I try to access the website on this server, I receive the following > message: > > > Forbidden: You don't have permission to access / on this server. > > > I've been scouring the Internet trying to figure out how to switch the > default "fpp" Apache user to a non-privileged account and can't figure it > out. Can someone shed some light on this? > > Thanks! > Tom > > AMOS Austria GmbH > 1130 Wien, Hietzinger Kai 101-105 > FN 365014k, Handelsgericht Wien > UID: ATU 66614737 > > http://www.allianz.at > > ******************************************************** > Dieses E-Mail und allfaellig daran angeschlossene Anhaenge > enthalten Informationen, die vertraulich und > ausschliesslich fuer den (die) bezeichneten Adressaten > bestimmt sind. > Wenn Sie nicht der genannte Adressat sind, darf dieses > E-Mail samt allfaelliger Anhaenge von Ihnen weder anderen > Personen zugaenglich gemacht noch in anderer Weise > verwertet werden. > Wenn Sie nicht der beabsichtigte Empfaenger sind, bitten > wir Sie, dieses E-Mail und saemtliche angeschlossene > Anhaenge zu loeschen. > > Please note: This email and any files transmitted with it is > intended only for the named recipients and may contain > confidential and/or privileged information. If you are not the > intended recipient, please do not read, copy, use or disclose > the contents of this communication to others and notify the > sender immediately. Then please delete the email and any > copies of it. Thank you. > ******************************************************** > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
