Solved

How can Apache outside jail access pages in jail while jail users still have permissions to upload files?

Posted on 2008-10-03
4
433 Views
Last Modified: 2013-12-15
My Apache (ver 2.2.8-28.1) was built on openSUSE 11.0 and run a couple of domains.

Yesterday I setup a chroot jail for ssh / scp / sftp with Linux according to: http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/
This works fine, each user get a space /home/jail/home/[username]/

However I want these users to be able to make their own internet pages. Which means that I want some virtual hosts in apache outside of jail, to be able to reache some directories in jail.

If I chgrp to www instead of users, my apache get access to files in /home/jail/home/[users]/public_html ( http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_21316391.html#13321341 ). But then my users loose their permissions to transfer files into their directories...

Is there a way I can accomplish both (without putting apache in jail)?

0
Comment
Question by:kvaade
  • 2
  • 2
4 Comments
 
LVL 13

Expert Comment

by:Rowley
ID: 22634016
Why not approach this another way? Sync the directories to a directory that apache does have access to within its default root. If on the same box, you could script cp, tar, cpio, pax, rsync or whatever you choose to achieve this.

This way, you could also take copies of old stuff before overwriting, so you'll have a history and be able to restore changes quickly without having to use cvs or something similar.
0
 

Author Comment

by:kvaade
ID: 22638242
Rowley: With your approach, will I have to run a cronjob checking every minute for updates, or is it a way to sync on the fly?
0
 
LVL 13

Accepted Solution

by:
Rowley earned 500 total points
ID: 22638342
True, that is perhaps a disadvantage. However, if you use rsync, you can choose to only copy across changes if you desire. Alternatively, you could set a FollowSymLink option for a particular dir in your apache config  and create a link in your docroot that points to your chrooted area...although I prefer the former suggestion. If you can stage the chroot environment and separate it from your apache,  the better.

 You could also set the "other" permission octal to read and point virtual hosts docroots, aliases to this directory. I'm sure there are other and/or better ways to skin this cat too...
0
 

Author Comment

by:kvaade
ID: 22677211
Sorry for my late reply.
I solved my problem by simply changing folder attributes.

But I appreciate your answers Rowley, they have given me some other ideas, thanks!
You have deserved the points!  :)
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Can't See Site After DNS Resolved 7 47
Linux hostname change 2 56
More Than One Website On Same DMZ Server 3 55
Coding C# in Linux 8 36
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now