Mailing List Archive



Re: [tlug] Not seeing linked directory in localhost



More generally, Dave needs to master the whole concept of UNIX permissions. 
What tutorials and in-depth tomes can y'all point Dave to? 

The concept of least privilege is an important one. 

Dave M G wrote:

> It was suggested that 750 might be better just in case I was concerned 
> about others using my computer.

That depends on who's in the group. 
Even so, I'm wary of it. 

> But 755 was also suggested. I just now set my /home/dave directory to 
> 755, and now I can see the web_sites directory at localhost from within 
> FireFox.

755 allows everyone to roam your home directory, 
which is lousy from a security standpoint. 
Even choking ~dave down to 750 where the group includes 
only apache and dave is poor. Apache only has business 
reading your web pages, not your home directory (that 
has many little configuration files). 

It would be better for dave to have a directory somewhere off of 
/var that (only) dave had permission to fiddle and that apache 
could only read. 

   [jim@example.com jim]$ ll -d /var/wwwdave
   drwxr-xr-x    5 dave     apache         4096 Aug 16  2002 /var/wwwdave
   [jim@example.com jim]$

or

   [jim@example.com jim]$ ll -d /var/wwwdave
   drwxr-x---    5 dave     apache         4096 Aug 16  2002 /var/wwwdave
   [jim@example.com jim]$

Yes, that assumes there is an apache group. 
It might be called something else on your box, 
or you might even have to make a group. 

I would consider having a subdirectory of /var/www/. I.e., 

   [jim@example.com jim]$ ll -d /var/wwwdave/web_sites
   drwxr-x---    5 dave     apache         4096 Aug 16  2002 /var/wwwdave/web_sites
   [jim@example.com jim]$

On Sun, 23 Apr 2006 23:57:50 +0900 Dave M G <martin@example.com> wrote:

> I checked the permissions on /home/dave/web_sites:
> drwxrwxrwx 13 dave dave 4096 2006-04-03 18:35 web_sites

777 permissions are just plain reckless. Understandable when you are 
troubleshooting while isolated from the Internet, but far too dangerous 
otherwise. 

On Mon, 24 Apr 2006 18:13:10 +0900 Dave M G <martin@example.com> wrote:

> If I'm accessing the 
> /home/dave/web_sites directory from within the "dave" account, which 
> owns the directory, why was I denied access? Why did I have to grant 
> permissions to "others" in order to get access myself?

It might depend how you tell Firefox to access it. 

Accessing /home/dave/web_sites as http://localhost/web_sites/ 
is done only indirectly by Firefox. Apache is doing the actual 
accessing as Godwin pointed out. 

Accessing /home/dave/web_sites as file:///home/dave/web_sites, 
is done directly by Firefox as you (dave). 

Try both ways. 
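
The following shell function is an added example, not part of the original post. It walks a path one component at a time and prints the first directory whose mode bits deny search (x) permission to the given class, which shows why a 777 web_sites is still unreachable over http://localhost while its parent directory is closed to Apache. The names `first_blocker` and `make_demo_tree` and the temporary tree are constructed for illustration; only mode bits are inspected, not ACLs or actual group membership.

```shell
#!/bin/sh
# first_blocker BASE RELPATH CLASS
#   Walk BASE/RELPATH component by component and print the first directory
#   that lacks the search (x) bit for CLASS ("group" or "other").
#   Prints nothing when every directory on the way can be traversed.
first_blocker() {
    base=$1; rel=$2; class=$3
    case $class in
        group) col=7 ;;    # column of the group x bit in "drwxr-x---"
        other) col=10 ;;   # column of the other x bit
        *) echo "class must be group or other" >&2; return 2 ;;
    esac
    cur=$base
    old_ifs=$IFS; IFS=/; set -f
    set -- $rel                      # split RELPATH on "/" without globbing
    set +f; IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur=$cur/$part
        [ -d "$cur" ] || break       # last component may be a plain file
        bit=$(ls -ld "$cur" | cut -c"$col")
        case $bit in
            x|s|t) ;;                # searchable (s/t: setgid/sticky plus x)
            *) printf '%s\n' "$cur"; return 0 ;;
        esac
    done
}

# Constructed sample tree mirroring the paths discussed in the thread.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/dave/web_sites" "$root/var/wwwdave/web_sites"
    chmod 755 "$root/home" "$root/var"
    chmod 750 "$root/home/dave" "$root/var/wwwdave" "$root/var/wwwdave/web_sites"
    chmod 777 "$root/home/dave/web_sites"   # wide open, yet unreachable
    printf '%s\n' "$root"
}

demo=$(make_demo_tree)
echo "home/dave/web_sites, other blocked at: $(first_blocker "$demo" home/dave/web_sites other)"
echo "var/wwwdave/web_sites, group blocked at: $(first_blocker "$demo" var/wwwdave/web_sites group)"
echo "var/wwwdave/web_sites, other blocked at: $(first_blocker "$demo" var/wwwdave/web_sites other)"
rm -rf "$demo"
```
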


