Solved

How can Apache outside jail access pages in jail while jail users still have permissions to upload files?

Posted on 2008-10-03
4
437 Views
Last Modified: 2013-12-15
My Apache (ver 2.2.8-28.1) was built on openSUSE 11.0 and run a couple of domains.

Yesterday I setup a chroot jail for ssh / scp / sftp with Linux according to: http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/
This works fine, each user get a space /home/jail/home/[username]/

However I want these users to be able to make their own internet pages. Which means that I want some virtual hosts in apache outside of jail, to be able to reache some directories in jail.

If I chgrp to www instead of users, my apache get access to files in /home/jail/home/[users]/public_html ( http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_21316391.html#13321341 ). But then my users loose their permissions to transfer files into their directories...

Is there a way I can accomplish both (without putting apache in jail)?

0
Comment
Question by:kvaade
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 13

Expert Comment

by:Rowley
ID: 22634016
Why not approach this another way? Sync the directories to a directory that apache does have access to within its default root. If on the same box, you could script cp, tar, cpio, pax, rsync or whatever you choose to achieve this.

This way, you could also take copies of old stuff before overwriting, so you'll have a history and be able to restore changes quickly without having to use cvs or something similar.
0
 

Author Comment

by:kvaade
ID: 22638242
Rowley: With your approach, will I have to run a cronjob checking every minute for updates, or is it a way to sync on the fly?
0
 
LVL 13

Accepted Solution

by:
Rowley earned 500 total points
ID: 22638342
True, that is perhaps a disadvantage. However, if you use rsync, you can choose to only copy across changes if you desire. Alternatively, you could set a FollowSymLink option for a particular dir in your apache config  and create a link in your docroot that points to your chrooted area...although I prefer the former suggestion. If you can stage the chroot environment and separate it from your apache,  the better.

 You could also set the "other" permission octal to read and point virtual hosts docroots, aliases to this directory. I'm sure there are other and/or better ways to skin this cat too...
0
 

Author Comment

by:kvaade
ID: 22677211
Sorry for my late reply.
I solved my problem by simply changing folder attributes.

But I appreciate your answers Rowley, they have given me some other ideas, thanks!
You have deserved the points!  :)
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question