Solved

Apache Webserver and FTP permissions

Posted on 1998-11-19
3
393 Views
Last Modified: 2013-12-27
I have a Solaris 2.5 (x86) system running the Apache Webserver.  The Apache Webserver is running as the "NOBODY" user and "NOBODY" group.  The root directory for the Apache Webserver is:

/var/www/domain

Under this directory are 4 subdirectories:
/cgi-bin
/htdocs
/logs
/conf

Within the htdocs directory are all the .htm/.html files, .gif and .jpg images for the "root" webpage (these are the pages that a user sees via a browser when he/she types a URL of http://www.domain.com)

ALSO WITHIN the htdocs directory are subdirectories for different webpages.  All of the following directories would be examples of this:
/var/www/domain/htdocs/webpageA
/var/www/domain/htdocs/webpageB
/var/www/domain/htdocs/webpageC
...etc

Each of these sites are accessed via a browser by entering the URL:  http://www.domain.com/webpage~ (where "~" is A, or B, or C, etc.)

Additionally, within each one of the subdirectories (webpageA, webpageB, webpageC, etc.) is a cgi-bin directory.

NOTES:  This web server serves a large school district (comprised of 20 separate schools and a main administrative center).  The domain for the school is ncusd203.org and the main page (maintained by a webmaster at the administrative center) is located at http://www.ncusd203.org

Each one of the schools has its own webpages.  For example, Central H.S. webpages are located at http://www.ncusd203.org/central

Each school has its own "webmaster" that is responsible for that school's webpages.  Each individual school's webmaster needs to be able to FTP files into the proper directory, but NOT be able to change directories (cd ..) using their FTP client software to get into any other school's web directory.  This is to ensure that a webmaster is only responsible for his/her own individual school and isn't able to "accidentally" delete, modify, etc. any other school's webpages.

Now, for the question, how do I actually set up the permissions to dis-allow the changing of directories by each individual, yet still allow the Apache Webserver to access the needed files (remember, the Apache Webserver is running as NOBODY:NOBODY) and still allow all pages to be viewed by the outside world (via browsers).

I have tried to chmod the ".." file in each directory, but this prevented the webpages from being access via the web.

Any thoughts?  I look forward to hearing your answers!  Also, please be kind and don't select "answer" to this question unless you are absolutely sure of the answer.  This will "lock" out the other experts from giving comments.  If a comment provided actually helps me solve this problem, I will email you immeidately and make sure that you are awarded the points!  Thanks.
0
Comment
Question by:turnkey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
ernaniaz earned 300 total points
ID: 2007951
You can do this using only uid and gid permissions. Exemple follows:

User            uid   gid
---------------------------------
account1        1001  users (100)
account2        1002  users (100)
account3        1003  users (100)
.

setup your /var/www/domain/htdocs as:

permissions       uid  gid    name
drwxr-x--- (750)  1001 nobody webpageA
drwxr-x--- (750)  1002 nobody webpageB
drwxr-x--- (750)  1003 nobody webpageC
.

The apache server will read and execute files using the "nobody" gid permission of read and execute (r-x, 5).

Good work.
--Ernani Azevedo
0
 
LVL 1

Expert Comment

by:ernaniaz
ID: 2007952
Sorry, I forgot you request to don't check "answer" while write the text and simulate here im my machine...

--Ernani Azevedo
0
 
LVL 1

Author Comment

by:turnkey
ID: 2007953
Do you know anything about Bourne shell scripting?  I would like to make your suggested changes using a sh script.  I've put an additional question in the "Programming...UNIX" section of experts-exchange for some more points!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Installing FreeBSD… FreeBSD is a darling of an operating system. The stability and usability make it a clear choice for servers and desktops (for the cunning). Savvy?  The Ports collection makes available every popular FOSS application and packag…
Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question