forked from rrrgh/exercise
-
Notifications
You must be signed in to change notification settings - Fork 0
/
apach(httpd)-note
98 lines (68 loc) · 3.2 KB
/
apach(httpd)-note
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
#Install LAMP Stack (Apache, MariaDB And PHP) In Fedora 22
#http://www.unixmen.com/how-to-install-lamp-stack-apache-mariadb-and-php-in-fedora-22/
su
dnf install httpd -y
systemctl enable httpd
#And adjust the firewall to allow the httpd service to access it from remote clients.
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
Restart firewalld service:
firewall-cmd --reload
dnf install mariadb mariadb-server -y
systemctl enable mariadb
systemctl start mariadb
mysql_secure_installation
dnf install php phpMyAdmin php-mysql php-common php-cli php-fpm -y #PHP command Line Interpreter (http://www.tecmint.com/run-php-codes-from-linux-commandline/)
ps aux | grep httpd
ps aux | grep apache
httpd -V
#Removing user r from group apache
# gpasswd -d r apache
Best permissions, ownership and paths for apache document root?
sudo groupadd webadmin
sudo usermod -a -G webadmin r
#groups r
sudo chown -R root:webadmin /var/www
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} +
find /var/www -type f -exec chmod 0664 {} +
+ACL? #Override umask using ACLs to make all files created in a given directory world readable?
setfacl -d -m o:r /var/www
#get detailed info on the acl using getfacl:
getfacl /var/www
#fedora
setfacl -Rm u:apache:rwX /var/www/rss
setfacl -Rm d:u:apache:rwX,u:apache:rwX /var/www/rss
#ubuntu
setfacl -Rm d:u:www-data:rwX,u:www-data:rwX /var/www/rss
#setfacl -Rm u:www-data:rwX /var/www/rss
#Setup Virtual Hosts In Apache On Ubuntu 14.04 LTS
cd /etc/apache2/sites-available
sudo cp 000-default.conf nkk.com.conf
ServerName nkk.com
ServerAlias www.nkk.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/nkk
sudo a2dissite 000-default.conf
sudo a2ensite nkk.com.conf
sudo service apache2 reload
sudo vim /etc/hosts
<<<
What's the best way of handling permissions for apache2's user www-data in /var/www?
Create a new group (www-pub) and add the users to that group
groupadd www-pub
usermod -a -G www-pub usera ## must use -a to append to existing groups
usermod -a -G www-pub userb
groups usera ## display groups for user
Change the ownership of everything under /var/www to root:www-pub
chown -R root:www-pub /var/www ## -R for recursive
Change the permissions of all the folders to 2775
chmod 2775 /var/www ## 2=set group id, 7=rwx for owner (root), 7=rwx for group (www-pub), 5=rx for world (including apache www-data user)
Set group ID (SETGID) bit (2) causes the group (www-pub) to be copied to all new files/folders created in that folder. Other options are SETUID (4) to copy the user id, and STICKY (1) which I think lets only the owner delete files.
There's a -R recursive option, but that won't discriminate between files and folders, so you have to use find, like so:
find /var/www -type d -exec chmod 2775 {} +
Change all the files to 0664
find /var/www -type f -exec chmod 0664 {} +
Change the umask for your users to 0002
The umask controls the default file creation permissions, 0002 means files will have 664 and directories 775. Setting this (by editing the umask line at the bottom of /etc/profile in my case) means files created by one user will be writable by other users in the www-group without needing to chmod them.
>>>