Solved

How can Apache outside jail access pages in jail while jail users still have permissions to upload files?

Posted on 2008-10-03
4
436 Views
Last Modified: 2013-12-15
My Apache (ver 2.2.8-28.1) was built on openSUSE 11.0 and run a couple of domains.

Yesterday I setup a chroot jail for ssh / scp / sftp with Linux according to: http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/
This works fine, each user get a space /home/jail/home/[username]/

However I want these users to be able to make their own internet pages. Which means that I want some virtual hosts in apache outside of jail, to be able to reache some directories in jail.

If I chgrp to www instead of users, my apache get access to files in /home/jail/home/[users]/public_html ( http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_21316391.html#13321341 ). But then my users loose their permissions to transfer files into their directories...

Is there a way I can accomplish both (without putting apache in jail)?

0
Comment
Question by:kvaade
  • 2
  • 2
4 Comments
 
LVL 13

Expert Comment

by:Rowley
ID: 22634016
Why not approach this another way? Sync the directories to a directory that apache does have access to within its default root. If on the same box, you could script cp, tar, cpio, pax, rsync or whatever you choose to achieve this.

This way, you could also take copies of old stuff before overwriting, so you'll have a history and be able to restore changes quickly without having to use cvs or something similar.
0
 

Author Comment

by:kvaade
ID: 22638242
Rowley: With your approach, will I have to run a cronjob checking every minute for updates, or is it a way to sync on the fly?
0
 
LVL 13

Accepted Solution

by:
Rowley earned 500 total points
ID: 22638342
True, that is perhaps a disadvantage. However, if you use rsync, you can choose to only copy across changes if you desire. Alternatively, you could set a FollowSymLink option for a particular dir in your apache config  and create a link in your docroot that points to your chrooted area...although I prefer the former suggestion. If you can stage the chroot environment and separate it from your apache,  the better.

 You could also set the "other" permission octal to read and point virtual hosts docroots, aliases to this directory. I'm sure there are other and/or better ways to skin this cat too...
0
 

Author Comment

by:kvaade
ID: 22677211
Sorry for my late reply.
I solved my problem by simply changing folder attributes.

But I appreciate your answers Rowley, they have given me some other ideas, thanks!
You have deserved the points!  :)
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question