File Permissions

[Jim Cornette]

Dotan Cohen wrote:

>> The website I have is just used on a network which only I am the only
>> user for running tests. Funny I know for the purpose of a website to
>> serve many users.
> 
> That's what I'm doing as well. I imagine that for a good portion of
> the live websites on the internet today there are non-public testing
> versions of the sites, just like what you are doing.

Basically, I have the site setup to assure that if my file content was 
transferred to a website, it would work with the program. Currently the 
program accesses files via a shared directory. The files with hyperlinks 
are setup to work with either situation. (web location or share)

>> I could not read the files served up by apache, testing tomorrow.
> 
> I have apache as a group member. So long as the group member has
> read-only access that's fine, right? Why should apache be 'other' if I
> am expecting her to access the files?

 From my brief reading, apache needs to be able to read and execute 
privileges so it can serve the files. I would not think the group of 
apache needs changed from the default setup. I need to read up much more 
on how to setup the files being served and maintaining the distribution 
of files to the server.


>> Isn't apache limited on what it can access, even more than a regular 
>> user?
>>
> 
> Like Tim said, only SELinux pays special attention to Apache. As far
> as the kernel is concerned, apache is just another user, as if grandma
> had an account on the machine. I actually have SELinux disabled, as
> I've found it too cumbersome at my skill level for a
> privately-accessed box. However, for a public box you should use it.

I agree! You cannot assume others are trustworthy even with only 
Intranet conditions.

Jim

> 
> Dotan Cohen
> 
-- 
If society fits you comfortably enough, you call it freedom.
		-- Robert Frost