You don't have permission error in Apache in CentOS

后端 未结 2 1903
不思量自难忘°
不思量自难忘° 2021-02-09 14:09

I have installed apache 2.2 in centos 6. Everything worked fine when the apache folder was at its default location /var/www/html. Then I configured a Virtual host i

2条回答
  •  终归单人心
    2021-02-09 14:27

    This is (for me at least) a doubtful design. It basically means that the Apache user has WRITE access to all that user's files including secrets for example ssh-keys.

    Not fun if a cracker attacks apache.

    A simple modification would be while running as 'anjan':

    chmod -R g-rwx ~ # undo the unsafe -R first
    chmod g+rx ~ ~/workspace
    chmod -R g+rx ~/workspace/mfs
    

    If apache is a member of the 'anjan' group.

    My recommendation is to use ACL:s if the filesystem supports that.

    Is SELinux running now ? It should be so and if is still the case that the SELinux policy blocks apache's access to workspace/mfs a number of messages from sealert should be evident in var/log/messages. This problem is usually fixed with a judicious usage of setsebol.

    Disabling SELinux because something isn't working and recommending that method is njaa....

    The original problem is that apache runs as itself and because of that is slumped in the other category when calculating permissions.

    chmod o+rx ~anjan/ ~anjan/workspace/ ~anjan/workspace/mfs
    

    should be enough.

    CentOS 6 is a free (as in free beer) version of RedHat Enterprise Linux and as such RedHat's document https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Confined_Services/ is a necessity.

提交回复
热议问题