Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Anton Piskunov2011-09-12 17:08:35
Apache HTTP Server
Anton Piskunov, 2011-09-12 17:08:35

Apache, mpm-itk and Single Entry?

Here is such a hemorrhoid fell on my head: there is a server with Apache and mpm-itk. Each user has a cozy directory where he is the owner of all folders/files, i.e. vasya:vasya. Apache responds to his domains via mpm-itk and works in the same way as vasya:vasya.
There is a file manager that has a single entry point and has mpm-itk set to www-data:www-data.
Problem: a person through a file manager, having access to his directory, cannot change / create anything without 666 rights for files / folders with the owner vasya:vasya, since the file manager works from under www-data:www-data. The right to exhibit is not a panacea ...
How to be? How to solve the problem with the owner, gentlemen?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
A
Anatoly, 2011-09-12
@taliban

Lots of file managers? fm.vasya.com; fm.vova.com, etc

Report
K
Krio, 2011-09-12
@Krio

And the option to add the www-data user to the vasya group is not an option?

Report
@
@sledopit, 2011-09-12
_

So in your case there are 2 options for development:
1. Change the rights of the files.
2. Change the rights of the owner of the process.
You do not want to follow the second path for your own reasons, although this, IMHO, is the most logical and safe path.
And if you want to go the first way, then you create a potential security hole when any user of the file manager has access not only to their own files, but also to others. However, in addition to the mentioned possibility to add the www-data user to a bunch of groups and change the umask in the web server and something else has access to the files being processed, there is acl. You can use them.

Report
Z
zibada, 2011-09-12
@zibada

use mod_alias:
Alias ​​/filemanager/ "/usr/share/filemanager/"
and put the script there.
physically it will be one copy, but users will not have write permissions or ftp access to it.
Apache rights will be set as needed, depending on the host.

Similar questions
S
s71065002019-01-07 19:37:54
Will I be able to publish 10 copies of Telegram in the AppStore? 5Reply
S
Sergey Brovko2014-07-06 14:28:02
Is it possible to override the Apache global config via vhosts? 2Reply
A
ayapergenov2016-08-01 12:27:25
What to do if there is a conflict with the old version of Wordpress? 2Reply
M
MoyMirok2022-02-22 13:50:55
How to close an anonymous confluence (website)? 5Reply
J
JustFailer2014-07-12 14:02:23
What is port 30005 used for? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question