In CGI scripts, there are certain files that are getting "permission denied" when it seems they should be accessible by the apache user. I am running the default package install of apache under fedora. Here is an example:The following is /var/www/cgi-bin/test.pl
Code:
#!/usr/bin/perl
use strict;
[code]...
How can I give 1 user access to mount 1 particular filesystem? This is for Debian 6 64bit.
View 4 Replies View RelatedI'm about to have a web server at home for the first time. I've always missed having full control and not having to contact my hosting company when I need to do some specific changes - and some changes they won't do for you at all.I've chosen the non-GUI Ubuntu Server with LAMP, and nothing more is installed really except for a couple of command line tools from the repository. The LAMP software has been locked down as good as I can by following some guides on the net and using common sense. Like Apache 2 don't have access to the file system except for the www folder, and setting the headers to Prod. MySQL has skip-networking and I've commented out the listen string to localhost. PHP has a truckload of functions that I've disabled in the php.ini, also by following some guides on the net, among some other security enhancing php.ini editing.
The only thing the server will serve is a well known PHP forum and some html docs, and that's all. Nothing advanced or complicated stuff, and I'm definitely not programming PHP myself or letting anyone do it for me.But I do want to sleep well at night knowing that my server is always on and sitting on the edge of my home network! And can I do that? I've heard that you don't need to be worried about getting your Linux server box hacked, but you should be worried about anyone getting root access to it. But is it really that simple? Ubuntu is shipped without root account and you must have the sudo password, right? What's the odds for anyone to get full access to my system?An issue: I've heard that Apache never must run as root. When I do a ps -ef, I see that there are several www-data processes running apache, but there's one root process running apache too. Is this normal and is it safe?An issue: I've heard that PHP can fail pretty easily. But isn't PHP running under apache 2 and limited by the www-data filesystem access?An issue: MySQL is running as a MySQL user, and I guess that's an unprivileged user right?
a friend of mine is doing a small website-project in school (group of ~6 people). They want to use git as VCS and need acces to a server. I have an account on the server from university, but - of course - no root access.
I could create private/public keys for them, to SSH into my account, but I don't want them to have this power I found 'git-shell', which seems to be used for restricted access with git (although I'm not sure whether I understood the functionality).
My question is: Is it possible to configure SSH keys in that way, that the server runs them (and only them) in git-shell in a specified directory (using ~/.ssh/{config,authorized_keys})?
So that they can
- log in with their SSH key
- use git, execute scripts etc.
- use git push/pull from their private+school PC
- work only in a specific directory (like chroot) eg. ~/web-project/
[Code]...
I am installing Big Brother on a CentOS 5.2 running the default Apache 2.2.3. When I try to access any web page I get the following error: Forbidden You don't have permission to access /bb/ on this server. Apache/2.2.3 (CentOS) Server at fmsubbnix Port 80 So far I have:
1) Set the Directory options to FollowSymLinks
2) Verified all directory and file permissions are at 755
3) Set permissions temporarily to 777 and received same error so I am assuming the issue is in a config file somewhere
4) in hhtpd.conf verified <Files ~ "^.ht"> is correct
5) verified the "default" directory is correct (/var/www/html)
I have read and tried several ideas in posts listed on the web but to no avail and am at a loss as to what to look for next..
I installed Apache server with Debian 5.0.2 Lenny. I am trying to write a script which would analysis web log files. I found the log files on /var/log/apache2. There is an access log file, `access.log`. My question is what configuration file determines the location and the name of the access log file. How can I change them? I used CustomLog in /etc/apache2/apache2.conf like below.LogFormat ": %h %l %u %t "%r" %>s %b" common
CustomLog /home/test/my_log_file common Apache2 generated /home/test/my_log_file. But no logs were written in the file even after I run `/etc/init.d/apache2 restart`. Ichanged the log file location. It still didn't work. However, Apache2 still wrote logs in the file `/var/log/apache2/access.log`
I'm using ubuntu 10.04. Apache server is associated with www-data.I frequently run into problems editing or deleting files created by a cgi script, as they have ownership of www-data:www-data.How can I safely modify my system so that the output files are editable or deletable by user tim?
View 2 Replies View RelatedI migrated joomla to my new server and noticed that the script doesn't have the permission to edit it's own configuration file and write to the cache folder. All my files are owned by root, which I guess isn't a good idea.
As what user do the PHP scripts run? Or is this system specific? I don't want to chmod all files to 777 so I'd just like to change file and folder ownerships to the user that is executing that script.
I would like an svn user which is able to check in/out to/from my svn repository by using vn+ssh://svn@blah... but without being able to just log in using ssh or use scp or anything else.s that possible?If I understand, system user accounts have no way to log in (even if we set a home folder, a shell and a password for them ?). But then I did not manage to set things up so that it can use my repositories.
View 2 Replies View RelatedI'm trying to lock down SSH for a particular user who wants to use my server for some development, so I'm making him a little play area.
Problem is I'm having difficulties locking the account down.
I've implemented bashrc which appears to be what I wanted at first, restricting the user to a user directory of my choice, but I now find that firstly the user can't use cd at all, not even cd to directories within the users home directory.
But also I've found bashrc to be pretty pointless security wise because I can just type sh and then do what ever the hell I want? Such as cd / and then ls and see everything on the server.
So I'm wondering if anyone has a solution to this for me?
I want the user to be able to make directories and cd into them in their own user area but not cd .. or / out of their user area.
Where I work, the IT people have the systems setup (wrongly in my opinion) to require not just the user's username but to have the username pre-pended with regional info. Like this:Username: RegionName//UserNamePassword: ********The server I maintain doesn't require this (even though I have it authenticate through the same services as the rest of IT (active directory via ldap))The problem is I see lots of authentication errors in my apache error_log file because people are using the RegionName//UserName login
View 1 Replies View RelatedI want to run a soft that is daemonized, and listens on port 6789. This soft is launched through a php page, so, by the apache user. The probl�me is that the apache user does not has rights to open / listen on a port. I tried to add apache user to the root group, but it won't help. In the application log, I have this every second :
[code]...
I tried to add apache user in the sudoers with a nopasswd but it's still a no go.
I'm having a problem when I try to connect to my apache2 server from any client in my network using the .local address with the firewall on. I opened the port 5353 UDP but I still can't connect. The only way I can connect is disabling the firewall which I don't like to do on the server. What I'm doing wrong?
View 9 Replies View Relatedi have already configured a domain in my server. now i have configured multiple local ip addresses,can i configure a domain for each local ip address. is it possible. if possible how can i access the web page through apache.Because already i am accessing the web page for a pre-configured domain from the path /var/www. if i able to create new domain.From where the apache fetches that index.html file, when requested through browser.
View 5 Replies View RelatedI have a very annoying problem with my Lucid (installed with ubuntustudio's alternate dvd). Two out of four times when I log in my account has some restrictions. I can't mount devices on nautilus and the shutdown button won't be displayed. If I log out and log in I see the restrictions again. Only restarting (with "sudo shutdown -r now" or so) may give me a normal session. On the console works everything normal. I mean i can sudo with my password.
View 2 Replies View RelatedI have folder inside /usr folder /usr/mywork and I want to make user account can only access and modifies files in it and this user can not modifie files out of thus maybe by using rssh or sftp
View 2 Replies View RelatedI'm trying to get Apache to run in a user's home directory. I changed the conf file so that Apache runs under the user and group "kiosk" and changed the DocumentRoot and Directory from the default to "/home/kiosk". Then I set Apache to start at boot (chkconfig --level 235 httpd on) and rebooted. When I checked, httpd is running as kiosk like it should (ps aux | grep httpd). However, when I try wget localhost, I get a 403 response back. If as root I call "httpd -k stop" and then "httpd -k start", then everything works exactly as it should (curiously, if I try using "-k restart", it still doesn't work). After this, httpd still shows as running as kiosk and if I check before calling start, it shows no httpd processes running as expected.
This only happens when I use httpd to stop and then start the web server. If I try to restart using apachectl I still get a 403 error. As an interesting aside, after I've used httpd, if I try using "apachectl restart" I get a "(13)Permission denied: Error retrieving pid file run/httpd.pid" error. This is all on a freshly installed CentOS 5.5 server. Why I'm seeing this very different behaviour from what I thought were just equivalent ways of starting Apache? And then what I could do to get it to start up and run properly on boot? One last item to mention is this isn't a permissions problem. I set the permissions to 777 to both the home and kiosk directories (and 666 to the web files) just to be sure that's not the problem.
I want my apache user (www-data) to be able to umount drives that are mounted with fuse. (i think it is the same as regular umount, but i'm not sure)
when i execute: www-data@1:$ umount /2345umount: /2345 is not in the fstab (and you are not root)
how can i get this done?
I have a fresh fedora 13 install, I managed to browse and setup my phpadmin.....and browse everthing locally. I can not browse the web site from any other machine in my network. All my machines get their IPs from my dhcp (192.168.1.0).I googled and read a thread in this forum, I understood it might be due to SELINUX. I disabled it, rebooted, still have the same behavior, browse my apache locally but not from other machines. I did a telnet from one of my machines using the IP as followstelnet 192.168.1.11 80got the following onnecting To 192.168.1.11...Could not open connection to the host, on port 80: Connect failed.I checked error-log and access_log file, found no hint. I think it should be something related to some fedora systemor firewall or selinux config that is not allowing access to it.
View 4 Replies View RelatedI am looking for the best way to set up permissions in the following situation. I have a web server set up on debian. I have different web sites in /var/www. Each web has a group of developers who each have system users and ssh access to the server. For example i have a web site in /var/www/example.com and a group of developers in group exampledev. I need all the users in exampledev plus the apache user (www-data) to have read write and execute permissions on all the content of the web site. I can give the group exampledev these permissions without a problem. The problem is that when they modify or create new files (they either connect via ssh o sftp which is the same right?) they are created with their user and group rather than exampledev. Am i going down the wrong path? This must be a common situation but i haven't found the solution.
View 5 Replies View RelatedWe have Apache installed on CentOS 5.3 in our laboratory. Indeed the server is running fine for almost two years since it is actually the first CentOS 5 that was released just regularly updated. Now, most of our applications are custom made PHP applications and until now we somehow managed to avoid using PHP to fetch files that are on the internet itself. But now we are desperate because we need to allow PHP to fetch files through Apache but it seems as if Apache is not allowed to make a connection to the outer world. Additionally we use a proxy server to connect to the outer world so right at the beginning http_proxy is used to set that environmental variable. And for the root user it all works fine after that but it seems as if the apache user is not allowed to access the internet. Just to make a remark our web server can be accessed from the outer world so its a one way street for now.
View 1 Replies View RelatedI have installed Apache on Centos, had no issues during setup, httpd seems to be running but I can't access my slice through [url]. It looks like Apache has some issues or something?
View 2 Replies View RelatedI just started using Linux, more specifically the Ubuntu distribution, earlier today. I am attempting, and failing, at setting up my wireless with a usb device. My device is on the list of those supported, and I am trying to install ndiswrapper so that I can use the windows drivers. My problem is, my access is restricted. I can not save to anywhere on my File System. Anyone know how to fix this problem?
View 2 Replies View RelatedIm trying to config my intranet to be accessible from inside the network (lan) without need of password and ask for a passwd for those who are viewing from Wan ....
Today my intranet can only be accessed from Lan, external access give me an Unauthorized message, I took look around, try #irc and still can get the appropriated help, I hope that someone here could help me on that...
A piece of my config:
Code:
I recently started using SVN with Apache for my web development, although I find it really annoying that I have to issue two SVN commands (one local, one remote) to update my web site. I have been looking into SVN post-commit hooks to solve this problem. The only problem is that apache does not have permission to modify files in my user directory... So here is how everything is setup. I am running Slackware 13 full install. There have been no installations overriding any of the default installs.
[Code]....
I was unable to access my dedicated server for few minutes. I have checked the apache error logs and found below notice:
[notice] caught SIGTERM, shutting down
I have tried to search from Google but could not find much information about this error.
I'm trying to set up a small Intranet system to run OpenERP or similar using browser-based clients. I have an Ubuntu machine running 10.04 desktop edition to act as a temporary/testing server until we set up a proper, dedicated machine with 10.04 server edition. I have installed Apache2 from the repos and it is up and running fine - locally. That is the problem, I can't access the server from other machines on the LAN. Ping works, btw. So I've been reading tutorials and howtos for the past week, but for the life of me, I can't find what I'm doing wrong. The standard Apache setup seems to be made to "just work", so although I've looked at the various configuration files mentioned in the tutorials, I haven't actually changed anything.
View 9 Replies View RelatedI set up my first web server and it works flawlessly -when accessed from external network or from other computers on my lan. However, I cannot access it from the computer where the server is run on. I have found numerous people with similar problems but the flavour I am experiencing is somewhat different and no solutions I have found apply to it.
I have two network interfaces on my server, eth0 (public static IP connected to internet directly) and eth1 connected to LAN 192.168.1.0/24 range. The server is 192.168.1.1. It is connected directly to the internet and serves as a SNAT for other comps on the lan.I added "192.168.1.1 www_server_com" to the /etc/hosts on the server and also on the other machines on the LAN. All the other machines can open website without any problem.HOwever, the server itself only opens website if the address islhost. Internal IP, i.e. 192.168.1.1. gets a time out and so does www_server_com ( I cant use dots as I do not have more than 15 posts on the forum )Here is the firewall script I am using.
#!/bin/sh
#
# Example Firewall Script
[code]...
I am trying to set up an ampache server using apache as the webserver. The instructions have the following line as one of the requirments: Your webserver has read access to the /sql/ampache.sql file and the /config/ampache.cfg.php.dist file..I have essentially zero experience with apache, and I'm not sure how to grant read access to a file.
View 1 Replies View RelatedI've created a application,i tried to deploy in JBoss application server..that application working fine.so i tried to run my allication in apache web server,i have done some configuration in apache & installed apache-tomcat connector also..its working fine.but i will try access next page its showing error.
View 1 Replies View Related