[program-l] Re: Apache/linux server dynamically changing file/folder permissions?
- From: "Andy B." <sonfire11@xxxxxxxxx>
- To: <program-l@xxxxxxxxxxxxx>
- Date: Tue, 3 Sep 2013 11:06:01 -0400
1. SE is a security package built into most modern linux kernels. can
get quite annoying at times.
2. The server default has been changed, which requires an entirely new
setup in the .conf file.
3. If SE is turned off, or a security policy has been made to allow
this, I use symlinks to my websites that point to an entire 200+GB partition
on a totally different HD set aside for web content.
From: program-l-bounce@xxxxxxxxxxxxx [mailto:program-l-bounce@xxxxxxxxxxxxx]
On Behalf Of Jacob Kruger
Sent: Tuesday, September 3, 2013 10:50 AM
To: program-l@xxxxxxxxxxxxx
Subject: [program-l] Re: Apache/linux server dynamically changing
file/folder permissions?
1. ?SE?
2. document_root is /var/www/domainname.co.za/web
(changed domain name since server isn't currently public yet)
3. Think it's default - or specified in .ini file
And, server_root is: /etc/apache2
Jacob Kruger
Blind Biker
Skype: BlindZA
'...fate had broken his body, but not his spirit...'
----- Original Message -----
From: Andy B. <mailto:sonfire11@xxxxxxxxx>
To: program-l@xxxxxxxxxxxxx <mailto:program-l@xxxxxxxxxxxxx>
Sent: Tuesday, September 03, 2013 4:16 PM
Subject: [program-l] Re: Apache/linux server dynamically changing
file/folder permissions?
1. Is SE turned on?
2. Where are you keeping the website files for apache?
3. How did you tell apache to find these files (if it is different
from the default)?
From: program-l-bounce@xxxxxxxxxxxxx <mailto:program-l-bounce@xxxxxxxxxxxxx>
[mailto:program-l-bounce@xxxxxxxxxxxxx] On Behalf Of Jacob Kruger
Sent: Tuesday, September 3, 2013 10:11 AM
To: program-l@xxxxxxxxxxxxx <mailto:program-l@xxxxxxxxxxxxx>
Subject: [program-l] Re: Apache/linux server dynamically changing
file/folder permissions?
Yup - think apache's user instance is www-data, but, issue isn't that
apache/PHP can't do things with these files, but that it's deciding that
public access to them is something other than I thought it was/set it to - I
will tell apache, via PHP chmod() function to assign 776 permissions to a
file, and, then next time anyone tries to retrieve a file, it's decided that
you're only allowed to either change, or execute a file, but, not just
retrieve/read it, or something.
Unless I'm completely misunderstanding the whole implementation of file
permission application channels, but, still doesn't make sense to me that
the permissions seem to change inbetween requests, etc.
Stay well
Stay well
Jacob Kruger
Blind Biker
Skype: BlindZA
'...fate had broken his body, but not his spirit...'
----- Original Message -----
From: Andy B. <mailto:sonfire11@xxxxxxxxx>
To: program-l@xxxxxxxxxxxxx <mailto:program-l@xxxxxxxxxxxxx>
Sent: Tuesday, September 03, 2013 4:02 PM
Subject: [program-l] Re: Apache/linux server dynamically changing
file/folder permissions?
Probably www-data.
From: program-l-bounce@xxxxxxxxxxxxx <mailto:program-l-bounce@xxxxxxxxxxxxx>
[mailto:program-l-bounce@xxxxxxxxxxxxx] On Behalf Of Jacob Kruger
Sent: Tuesday, September 3, 2013 9:58 AM
To: program-l@xxxxxxxxxxxxx <mailto:program-l@xxxxxxxxxxxxx>
Subject: [program-l] Re: Apache/linux server dynamically changing
file/folder permissions?
From phpinfo() - just pulled some of info off page rendering it:
linux 2.6.32-5-amd64 #1 SMP Sun May 6 04:00:17 UTC 2012 x86_64
Apache 2.0 Handler
Virtual Directory Support disabled
PHP Version 5.3.3-7+squeeze16
Jacob Kruger
Blind Biker
Skype: BlindZA
'...fate had broken his body, but not his spirit...'
----- Original Message -----
From: Andy B. <mailto:sonfire11@xxxxxxxxx>
To: program-l@xxxxxxxxxxxxx <mailto:program-l@xxxxxxxxxxxxx>
Sent: Tuesday, September 03, 2013 3:12 PM
Subject: [program-l] Re: Apache/linux server dynamically changing
file/folder permissions?
It depends on the linux distro as to the apache user. On most distros it is
nobody, fedora it is apache, and Ubuntu it is www-data. It all depends on
the apache package maintainer.
From: program-l-bounce@xxxxxxxxxxxxx <mailto:program-l-bounce@xxxxxxxxxxxxx>
[mailto:program-l-bounce@xxxxxxxxxxxxx] On Behalf Of Homme, James
Sent: Tuesday, September 3, 2013 8:22 AM
To: program-l@xxxxxxxxxxxxx <mailto:program-l@xxxxxxxxxxxxx>
Subject: [program-l] Re: Apache/linux server dynamically changing
file/folder permissions?
Hi Jacob,
My memory tells me that Apache runs as a user called nobody. That user has
very little permissions. That is for security reasons. I'm not sure what the
best solution for this is in your scase.
Thanks.
Jim
From: program-l-bounce@xxxxxxxxxxxxx <mailto:program-l-bounce@xxxxxxxxxxxxx>
[mailto:program-l-bounce@xxxxxxxxxxxxx] On Behalf Of Jacob Kruger
Sent: Saturday, August 31, 2013 7:09 PM
To: Program-l
Subject: [program-l] Apache/linux server dynamically changing file/folder
permissions?
Just posting this here in case someone has an idea about how to 'fix'
this/work around it - since haven't managed to find anything via 'net, or
other PHP specific mailing lists as of yet.
In that small/simple content-management-system posted about other day, issue
seems to be that while am continually/consistently setting output file and
folder permissions to 0776 - owner and group rwx, and public rw - for now -
using PHP's chmod() function, before and after trying to copy/generate any
output content for it, the server seems to be
consistently/dynamically/immediately resetting the permissions to something
slightly different, which won't let me then view/browse all the content.
Silly/simple example is that I will handle image file upload, and copy
uploaded image to a folder in a script, but, sort of immediately, that
image, and the folder it's in, and that one's parent folder are
invisible/unavailable/inaccessible.
Before I then run a sort of recursive script to again reset all content
permissions, I can't even browse the content via FTP interface - for
example.
When generating output/static content, I am also then
consistently/continually resetting path permissions just before/after
creating folders and files, if necessary, and that seems to work, some of
the time, but, not for everything.
Am going to try it out on another server, just to try figure/find out if
it's a specific issue for this server/part of file structure, or something,
but, bit irritating thus far...<smile>
Stay well
Jacob Kruger
Blind Biker
Skype: BlindZA
'...fate had broken his body, but not his spirit...'
_____
This e-mail and any attachments to it are confidential and are intended
solely for use of the individual or entity to whom they are addressed. If
you have received this e-mail in error, please notify the sender immediately
and then delete it. If you are not the intended recipient, you must not
keep, use, disclose, copy or distribute this e-mail without the author's
prior permission. The views expressed in this e-mail message do not
necessarily represent the views of Highmark, its diversified business, or
affiliates.
Other related posts:
