Solved

running apache under its own user account

Posted on 2006-10-28
3
268 Views
Last Modified: 2013-12-16
I have a dedicated server I want to configure to get around this problem:

Only files owned by Apache are accessible to PHP scripts, this is often impractical when many developers are working on the same project, or when you want PHP to read a file without changing its ownership.   And visa-versa: files created by Apache are not accessible by my user account when I ftp.

I had a linux admin set up the server but he's gone awol on me.

Here's what's been done so far:

Created an Apache group:

   When I ftp in and create a directory, its ownership is:

      Owner awarner
      Group Apache
      perms: 755

  When I upload a file:

      Owner awarner
      Group Apache
      perms: 644    

In php.ini

   safe_mode = Off
   safe_mode_gid = On

(With safe_mode_gid enabled instead of safe_mode, PHP will be able to open files that belong to Apache's group regardless of the owner, so if there are several developers working on the same server, add them to Apache's group, make it their default group, and everything should be set.)


Apache runs as nobody, nobody. Do I add nobody to the Apache group, or do I change the user account apache runs under to Apache (and how)

According WebMin, both user Apache and nobody belong to these secondary groups. Why so many? Is this right?

root
bin
daemon
sys
adm
tty
disk
lp
mem
kmem
wheel
mail
news
uucp
man
games
gopher
dip
ftp
lock
nobody
users
dbus
floppy
vcsa
rpm
utmp
haldaemon
slocate
pcap
named
netdump
sshd
rpc
mailnull
smmsp
apache
squid
webalizer
xfs
ntp
dovecot
screen
cw          <-- another user
mysql
awarner   <-- me

0
Comment
Question by:drew22
  • 2
3 Comments
 
LVL 10

Expert Comment

by:ssvl
ID: 17825500
1. if you run via http yes php is only access apache owned or permited files
0
 
LVL 1

Author Comment

by:drew22
ID: 17825817
Apache runs as nobody, nobody. Do I add nobody to the Apache group, or do I change the user account apache runs under to Apache (and how)
0
 
LVL 10

Accepted Solution

by:
ssvl earned 500 total points
ID: 17826207
change the configration file to

user apache
group apache
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
LINUX ZIP - UNCOMPRESS WINDOWS PATH 3 86
Scripted configuration of TightVNC with Start on boot 7 51
PC upgrade to Linux Mint 7 64
is my large folder zipped corrupted 4 47
Using 'screen' for session sharing, The Simple Edition Step 1: user starts session with command: screen Step 2: other user (logged in with same user account) connects with command: screen -x Done. Both users are connected to the same CLI sessio…
Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now