[opensuse] making cohabitate php scripts and apache
Hello, I manage my own online servers and usually use /srv/www/htdocs as web root. But sometime or for test purpose I would like to run some php scripts from the public_html of some user. But then I get permission problems. At a moment or an other the scripts bugs When I copy from local computer to the server I use mostly fish (or download directly on the server), so the files use to have local user name:users permissions, when apache wants wwwrun:www (AFAIR). most files I get have 766 permissions (write enabled only for the owner, read everybody), so no read problem but write problems. is there a general openSUSE way to solve this without breaking security? Changing file owner can be only by root... thanks jdd -- http://www.dodin.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
jdd wrote:
Hello,
I manage my own online servers and usually use /srv/www/htdocs as web root. But sometime or for test purpose I would like to run some php scripts from the public_html of some user.
But then I get permission problems. At a moment or an other the scripts bugs
When I copy from local computer to the server I use mostly fish (or download directly on the server), so the files use to have local user name:users permissions, when apache wants wwwrun:www (AFAIR).
Apache runs as wwwrun:www in the default setup, so as long as scripts are world-readable, you should not have any problems with that. If any of your scripts want to write, it's a different story.
most files I get have 766 permissions (write enabled only for the owner, read everybody), so no read problem but write problems.
Sounds good.
is there a general openSUSE way to solve this without breaking security? Changing file owner can be only by root...
jdd, what is the problem? Your setup sounds completely normal. -- Per Jessen, Zürich (12.1°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 03/04/2014 08:11, Per Jessen a écrit :
jdd, what is the problem? Your setup sounds completely normal.
when I speak of scripts, I mean php applications, not bare single simple script See an example. I want to install "piwigo", a php photo gallery. It's fitted to work on an shared web hosting, recommend to install the file through ftp and do the setup, then upload the image through ftp. There are two install ways, nearly automatic and manual. Manual I should transfer the file with ftp and go to the page, give some infos about mysql and go... but this fails, because files are 766 and are owned by me:users when the apache server is wwwrun:www. Impossible to write the config file, impossible to make subsequent software updates or plugins adding. automatically, I have to dl only one file, an install script. I need to make public_html writable, then the script installs files with wwwrun:www and then it's the user than can't anymore access them. the solution may be through suexec. If I understand well this makes apache work as user in public_html. in summary I would like to have a config near the one ISP have, but the openSUSE way as much as possible (suexec is said not to be too secure) thanks jdd NB: when using /srv/www/htdocs, there are also some problems, but manageable as root) -- http://www.dodin.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
jdd wrote:
Le 03/04/2014 08:11, Per Jessen a écrit :
jdd, what is the problem? Your setup sounds completely normal.
when I speak of scripts, I mean php applications, not bare single simple script
Well, a script is a script is a script - a php application is just lots of scripts :-)
See an example.
I want to install "piwigo", a php photo gallery.
It's fitted to work on an shared web hosting, recommend to install the file through ftp and do the setup, then upload the image through ftp.
Right, a pretty common setup.
There are two install ways, nearly automatic and manual.
Manual I should transfer the file with ftp and go to the page, give some infos about mysql and go... but this fails, because files are 766 and are owned by me:users when the apache server is wwwrun:www. Impossible to write the config file, impossible to make subsequent software updates or plugins adding.
Okay, it's the writing that fails.
the solution may be through suexec. If I understand well this makes apache work as user in public_html.
If you have a choice in the matter, I would suggest taking a look at apache2-mpm-itk. This lets you run each request with a dedicated user/group. We're running this in production on openSUSE 12.3 with a patched apache2 2.4, but I think openSUSE 13.1 has it built-in. It works really well. http://mpm-itk.sesse.net/ -- Per Jessen, Zürich (13.7°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (2)
-
jdd
-
Per Jessen