On 02/06/14 21:49, John Andersen wrote:
On 2/6/2014 12:34 PM, Ted Byers wrote:
Hi John,
On 14-02-06 03:23 PM, John Andersen wrote:
On 2/6/2014 12:01 PM, Ted Byers wrote:
After creating /srv/www/htdocs/misc, I applied 'chrgp www /srv/www/htdocs/misc' and 'chmod 755 /srv/www/htdocs/misc'. I do not know if there is a better option. But what is critical is that Apache can serve the PDF my script has created. Is Apache running as www, or is it running as "nobody"?
In uid.conf, I see the User is set to wwwrun and the Group is www. I would assume, then, that it is running as wwwrun. Is that correct, or does that reveal my ignorance of the linux world. ;-)
Well (off the top of my head): if user wwwrun is a member of www, then it restricted to the group permission in that directory, which in your case is read execute.
You need to write in that subdirectory (to create a subdirectory or a file). So it would EITHER need to OWN /srv/www/htdocs/misc, or the Group www would need write authority to that directory. (775)
Someone more accustomed to managing web servers than I could probably recommend best practices.
As usual, the answer is: It depends. If the cache directory is only used by the CGI script, it should be owned by wwwrun. Make sure that the directory is cleaned up regularly, e.g. by a cron job. If that directory with PDF files is used by another process, too, or if sysadmins need write access to it, than group write access is the better way to go. (Or ACLs, if one is not able to tune group ownership fine-grained enough.) Actually, best practice would be to not create such an intermediate file directory directly accessible by Apache at all, but serve the PDF file from the script. If a cache directory is necessary, it should be somewhere else, not under /srv/www/htdocs/; still owned by wwwrun. Or, for larger and more professional demands, one would use an application server that creates and delivers the PDF documents. (Our Web applications generate, format, and deliver millions of individualized documents per year on each installation; PDFs created dynamically by TeX & friends.) Best, Joachim -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod, Roedermark, Germany Email: jschrod@acm.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org