ramprage
May 8 2003, 06:46 PM
I've read that it's not good to have Apache running as 'nobody' user and group. Can someone please direct me how to setup a group called www or something similar for this?
I've searched but haven't found much - please PM me if you like.
Thanks
Dave#
May 9 2003, 02:36 AM
groupadd www
usradd -g www apache
edit httpd.conf
User nobody
Group nobody
to
User apache
Group www
although I'm not sure if cpanel needs httpd to run as nobody . . .
freddo
May 9 2003, 05:44 PM
IMHO there is no problem running apache as nobody - as long as your running suexec and phpsuexec. Running these two makes sure that cgi and php runs as the respective owner and not as owned by apache (nobody).
sqsisa
May 10 2003, 03:06 PM
QUOTE
Originally posted by freddo
IMHO there is no problem running apache as nobody - as long as your running suexec and phpsuexec. Running these two makes sure that cgi and php runs as the respective owner and not as owned by apache (nobody).
Anyone have a 'How To On PHPsuexec'?
And what will I need to change after?
My fourms shoot out a ton of mail via PHP.
Pimpenstein
May 10 2003, 03:12 PM
Just use the easyapache script in /scripts , just select option number two from the list... or choose advanced if you feel comfortable with it and want more options.
freddo
May 10 2003, 05:17 PM
you need to chmod all php files 755 and chown all php files to the correct owner. I used the recursive option to chmod and chown all files (php, inc etc) in the directory and below it. Works fine.
man chmod
man chown
sqsisa
May 10 2003, 05:46 PM
Did you chown and chmod from /home down?
freddo
May 10 2003, 05:51 PM
No, just the directories that contain php. for instance /home/mine/phpmyadmin because phpmyadmin contains php files. Not /home/mine because it contains html as well. If i have a php in /home/mine I just chmod the php file. It's just like using cgi scripts.
sqsisa
May 10 2003, 07:16 PM
Thanks
freddo
May 15 2003, 11:51 PM
You can chmod all inc files containing passwords to 700. This successfully stops SSH wanderers from reading your passwords. You cannot chmod www readable files 700, so passwords need to be in a seperate file and included or required (standard practice for most php programmers).
ramprage
Sep 20 2004, 04:26 PM
I have set apache to run as user: apache and group: apache
but now all my sites show 404 forbidden errors.
zubuz
Sep 21 2004, 05:06 PM
QUOTE
Originally posted by ramprage
I have set apache to run as user: apache and group: apache
but now all my sites show 404 forbidden errors.
You may need to check permissions for the files. If the files are owned by a user.group other than apache.apache, and the "world" permissions are insufficient for apache.apache to read them, then you're going to get a "forbidden" error.
The solution to this problem is to use suexec and phpsuexec. Of course, that can break some software packages, but that's a great deal more secure than chmod'ing all the files you need to sufficient permissions for anybody to read them.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.