apache account to run cronjob ?
Alexander Dalloz
ad+lists at uni-x.org
Thu Jun 2 18:58:21 UTC 2005
Am Do, den 02.06.2005 schrieb Matthew Miller um 20:29:
> On Thu, Jun 02, 2005 at 11:13:39AM -0700, M E Fieu wrote:
> > How to settle this issue. Use apache to run cron job
> > to generate those file ? But my apache user account
> > has no shell configured. /bin/nologin I need to
> > enable its shell ?
>
> Make a group named "mysecret". Put apache in that group -- `gpasswd mysecret
> -a apache`, and create a non-privileged user account and put that in same
> group, and have that user run the cron job and make the data mode 640
> (That's "-rw-r-----"). And restart apache.
>
> Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
That is of course a good solution.
Just another comment on permissions: files to be displayed by Apache (if
they are not scripts) don't need the x-bit and one should avoid giving
too much permissions! This is a base rule.
Besides the file's own permissions see that the permissions of the
directory too matter:
$ ls -ld /var/www/html/test
drwx--x--- 2 root apache 72 2. Jun 20:43 /var/www/html/test
$ ls -al /var/www/html/test/test.html
-rw-r--r-- 1 root root 12 2. Jun 20:44 /var/www/html/test/test.html
Those permissions allow Apache to display the test.html file but will
not allow system users other than root or apache not to spot into the
"test" directory.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.27_FC2smp
Serendipity 20:57:36 up 9 days, 19:35, load average: 0.36, 0.40, 0.64
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050602/ee306983/attachment-0001.sig>
More information about the fedora-list
mailing list