[K12OSN] OT: need help configuring web server on Ubuntu Server to allow file uploads

David Whitmer thewhitmers at gmail.com
Tue Apr 24 13:25:37 UTC 2007 

Thanks for the advice everyone.

I ended up creating a symlink from a folder I created in /var/www to
the teacher's home folder on that server, then created a cron job to
periodically fix the permissions in that folder so Apache could read
its contents okay.  This process worked really well in my testing.

BTW the cron job was definitely needed as files created in Gnome
(K12LTSP V5) seem to default to 600 permission instead of 755, at
least when I right-clicked on the Desktop and chose "create a new
file" from the context menu.  Perhaps that's a Gnome thing?

For future reference, I'll definitely look into the webdav idea.  That
might be a better long-term solution, especially when planning for the
next school year.

Regarding the Samba suggestion... the web server I'm working with here
is accessible from the public Internet, though it is behind a separate
firewall.  If I were to setup Samba on it, even if it were configured
to only be accessible from the internal LAN, might I then be exposing
the server to security issues from the Internet?

Anyway, thanks again everyone!

David Whitmer

On 4/23/07, Daniel Bodanske <daengbo at gmail.com> wrote:
> Look into setting up webdav on the server. If the teacher logs in to
> the server under webdav, files will automatically have the same owner
> as Apache. Setting it up is not too difficult.
>
> Another option is to export the share under Samba with the teacher as
> the only acceptable user, then force the webserver user/group for all
> writes.
>
> Dan
>
> On 4/24/07, Rob Owens <rowens at ptd.net> wrote:
> > In order for apache to be able to read (and therefore server) files,
> > they much be either readable by the apache user or readable by by
> > everybody.  You can't really get around that.
> >
> > apache's DocumentRoot is normally set to /var/www.  That means that any
> > files in /var/www will be visible to the apache system (but only
> > readable if the permissions are set appropriately).  apache can also
> > follow symlinks (if properly configured), so it can serve files that are
> > not in /var/www -- for instance, /mnt/public_files.  However, there needs
> > to be a symlink:  /var/www/somename which points to /mnt/public_files.
> >
> > If you let your faculty and students drop files into /mnt/public_files,
> > it's almost certain that they'll be accessible through apache.  The only
> > thing that would prevent it is if there were no read permissions on the
> > file.  But most Linux systems default to creating files with 755
> > permissions (rwxr-xr-x), so you should be ok.  Still, there will be
> > occasions where the permissions aren't right.  I've experience a default
> > of 700 permissions (rwx------) when moving files from my digital camera
> > to my computer.  But a cron job could periodically fix all the
> > permissions with this command:
> >
> > chmod -R o+rx /mnt/public_files/*
> >
> > or something similar.
> >
> > -Rob
> >
> > On Mon, Apr 23, 2007 at 10:37:55AM -0400, David Whitmer wrote:
> > > Our school has a small public web server (Ubuntu Server 7.04 with its
> > > LAMP setup), separate from our main web site, just to play around with
> > > learning Apache and related things.
> > >
> > > I want to configure this web server to allow one of our teachers to
> > > easily manage files in one of the web server's folders (e.g.
> > > /var/www/classprojects ).  By "easy", I mean being able to open up a
> > > graphical SSH connection (whether with WinSCP in Windows or "Connect
> > > to SSH server" in Gnome) and just drag-and-drop files/folders to copy
> > > them to the designated web server folder, and have all the file
> > > permissions automatically work so that the general web browsing public
> > > would not have any problems viewing whatever this teacher uploads.
> > >
> > > I have already done a lot of searching, both with Google and in the
> > > Ubuntu forums, and feel like I'm getting the runaround, in that the
> > > advice I have found so far typically sounds like "just install vsftp"
> > > or "just set the file permissions" and then "everything will just
> > > work".  But it doesn't for me.  At least, not so that the file
> > > permissions work automatically, i.e., telling the teacher that after
> > > uploading the files, their permissions would then need to be changed
> > > so the public can view them, would not be acceptable.
> > >
> > > I'm sure I'm overlooking something obvious.  But I do not know what.
> > >
> > > Does anyone have any ideas on what I can or should do to be able to
> > > implement my goal?
> > >
> > > Or maybe a better question might be... What would you all consider to
> > > be a "best practice" when configuring a public web server on which you
> > > want to allow specific users to be able to upload whatever files they
> > > want to the web server, but without requiring that they execute
> > > chown/chmod post-upload so the public can view those files?
> > >
> > > Even just pointing me to an Internet site that would answer my
> > > questions would help immensely.
> > >
> > > Thanks!
> > >
> > > David Whitmer
> > > Director of Media & Technology
> > > Calvary Schools of Holland (Michigan)
> > > web: www.calvaryschoolsholland.org
> > > email: thewhitmers at gmail.com
> > >
> > > _______________________________________________
> > > K12OSN mailing list
> > > K12OSN at redhat.com
> > > https://www.redhat.com/mailman/listinfo/k12osn
> > > For more info see <http://www.k12os.org>
> >
> > _______________________________________________
> > K12OSN mailing list
> > K12OSN at redhat.com
> > https://www.redhat.com/mailman/listinfo/k12osn
> > For more info see <http://www.k12os.org>
> >
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>

More information about the K12OSN mailing list