Solved

Linux File Permissions / Ownership Issue with Links

Posted on 2011-09-07
12
447 Views
Last Modified: 2012-05-12
We are running a web server with CentOS, PHP, Apache, etc.

I have a common set of files and folders for our CMS that I like to keep in one shared location.
ex: /usr/local/share/cms/core

Each user has their own hosting account at /home/username/www and I have been creating a link to the shared files with:
ln -s /usr/local/share/cms/core ./core

The shared files and folders are all owned by root:root and are set to 755.

When I am logged in via SSH as a regular user I can access the shared files location and create the link to the shared files. However, when I browse to www.domainname.com/core I get a 404. If I change the ownership of the link to root:root instead of username:username only then I can access www.domainname.com/core

PHP is set to execute as the user.

The problem is that users can't create the link and then change ownership to root. From time to time we're going to be giving 3rd parties access to specific user accounts, but I don't want to give out root access.

How can I configure this such that a link created by the user will be able to access the files in the shared location?

(Apologies if I've been vague or left out any important details. Ask away and I'll respond asap.)
0
Comment
Question by:RKFcomputers
  • 5
  • 3
  • 3
  • +1
12 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 36496090
Use the alias command under each vhost config:

Alias /core /usr/local/share/cms/core
0
 

Author Comment

by:RKFcomputers
ID: 36496125
Interesting idea ... I haven't played with the alias feature before. I'll check into it a bit.
0
 

Author Comment

by:RKFcomputers
ID: 36496265
I'm not sure the alias option will work for what we're trying to do. I want the user to be able to create the link (sometimes it will have to be in a subfolder or subdomain), and sometimes it will have to be moved.

Ex: Developing new site on new.domainname.com, so create the link at /home/username/www/sub/new/core
Deploy to main site after development by moving to /home/username/www/core
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 28

Expert Comment

by:Jan Springer
ID: 36496497
Well, if you are allowing that directive in an .htaccess file, you can always implement it in that fashion.
0
 
LVL 40

Expert Comment

by:noci
ID: 36496654
Testing in a different virtal host?   like  test.example.com in stead of www.example.com
0
 
LVL 1

Accepted Solution

by:
asmodeus66 earned 500 total points
ID: 36501628
I'd guess your apache runs as root and if my guess is correct then you need to do this

<Directory whatever/it/is>
    Options +FollowSymLinks -SymLinksIfOwnerMatch [your extra options]
</Directory>
0
 
LVL 1

Expert Comment

by:asmodeus66
ID: 36501635
0
 

Author Comment

by:RKFcomputers
ID: 36501734
@asmodeous66,

Actually, apache runs as "nobody".

Should I try setting the ownership or group of the shared files to nobody? I think we tried that option at one point, but I can take another swing at it.

0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 36502737
The problem with the symlinks option is that the owner might not match.
0
 

Author Comment

by:RKFcomputers
ID: 36509595
@jesper,

You're right - that's the problem. To date, the sites only worked when the symlink was owned by "root", which a regular user can't create/set.

@asmodeus66,

I tried adding "Options +FollowSymLinks -SymLinksIfOwnerMatch" to the .htaccess file in /home/username/www and that worked!

Now, if I've read and understood correctly that can cause a bit of a performance hit, so I tried to be more specific:
<Directory /home/demoshop/www>
Options +FollowSymLinks -SymLinksIfOwnerMatch
</Directory>

Can the <Directory> commands only be used in the main conf file, or is there something wrong with my syntax? I tried a few variations, and just got the usual 500 server error :)
0
 
LVL 1

Assisted Solution

by:asmodeus66
asmodeus66 earned 500 total points
ID: 36509625
yes the <Directory> directive can only be used in main config either in server confing or in virtual host confing
http://httpd.apache.org/docs/2.0/mod/core.html#directory

while Options directive can be used in .htaccess which is basically the same as putting it in <directory path/to/htaccess/dir>
http://httpd.apache.org/docs/2.0/howto/htaccess.html
0
 

Author Closing Comment

by:RKFcomputers
ID: 36509707
We're testing this in the htaccess on a few sites now, and it appears to be working well.

I'm hesitant to make too many changes to the main httpd.conf file as we use cPanel and it tends to overwrite manual edits. Long term, we'll look into preserving the core conf changes with cPanel.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Stream live video from Raspberry Pi camera 22 149
How to learn Linux? 10 60
How to redirect all users but me properly to another page with htaccess 2 90
Linux VM 6 86
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now