apache account to run cronjob ?

[Alexander Dalloz]

Am Do, den 02.06.2005 schrieb Matthew Miller um 20:29:

> On Thu, Jun 02, 2005 at 11:13:39AM -0700, M E Fieu wrote:
> > How to settle this issue.  Use apache to run cron job
> > to generate those file ? But my apache user account
> > has no shell configured. /bin/nologin  I need to
> > enable its shell ?
> 
> Make a group named "mysecret". Put apache in that group -- `gpasswd mysecret
> -a apache`, and create a non-privileged user account and put that in same
> group, and have that user run the cron job and make the data mode 640
> (That's "-rw-r-----"). And restart apache.
>  
> Matthew Miller           mattdm at mattdm.org        <http://www.mattdm.org/>

That is of course a good solution.
Just another comment on permissions: files to be displayed by Apache (if
they are not scripts) don't need the x-bit and one should avoid giving
too much permissions! This is a base rule.
Besides the file's own permissions see that the permissions of the
directory too matter:

$ ls -ld /var/www/html/test
drwx--x---  2 root apache 72  2. Jun 20:43 /var/www/html/test
$ ls -al /var/www/html/test/test.html
-rw-r--r--  1 root root 12  2. Jun 20:44 /var/www/html/test/test.html

Those permissions allow Apache to display the test.html file but will
not allow system users other than root or apache not to spot into the
"test" directory.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.27_FC2smp 
Serendipity 20:57:36 up 9 days, 19:35, load average: 0.36, 0.40, 0.64 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050602/ee306983/attachment-0001.sig>