[users@httpd] safe .htaccess permissions

[mantasman <ma...@gmail.com>]

hi, i'm setting up a shared www server under debian with apache2.0 . In
order to make it secure, i use suExec and all users' files are chmoded
to 770. but i must keep .htaccess and passwords files chmoded as 774.
otherwise, apache gives forbidden error and logs say:

pcfg_openfile: unable to check htaccess file, ensure it is readable

is there any ways to have .htaccess chmoded as 770?
what user is "pcfg_openfile" running under?


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] safe .htaccess permissions

[mantasman <ma...@gmail.com>]

I've solved .htaccess problem by adding www-data user to virtualuser_1
group.

However, i'm having another problem now.
I've disabled global error log. my virtual hosts contain line:
"ErrorLog /full/path/to/error_log"

however, all errors are logged into /etc/apache2/logs/error_log . What's
wrong with my config?


On Sat, 2006-05-20 at 06:14 -0400, Bill Jones wrote:
> On 5/20/06, mantasman <ma...@gmail.com> wrote:
> > hi, i'm setting up a shared www server under debian with apache2.0 . In
> > order to make it secure, i use suExec and all users' files are chmoded
> > to 770. but i must keep .htaccess and passwords files chmoded as 774.
> > otherwise, apache gives forbidden error and logs say:
> >
> > pcfg_openfile: unable to check htaccess file, ensure it is readable
> >
> > is there any ways to have .htaccess chmoded as 770?
> > what user is "pcfg_openfile" running under?
> 
> There is no userid pcfg_openfile -- thats a standard error.  I would
> suggest you change those files to be owned by the sam ID as your WWW
> server; you can see who this is by using:
> 
> lsof -i tcp:80
> 
> chown them that id with root as group then chmod them to 0440  --
> should make them secure enough.  if there is such as thing as secure
> enough.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] safe .htaccess permissions

[Bill Jones <te...@gmail.com>]

On 5/20/06, mantasman <ma...@gmail.com> wrote:
> hi, i'm setting up a shared www server under debian with apache2.0 . In
> order to make it secure, i use suExec and all users' files are chmoded
> to 770. but i must keep .htaccess and passwords files chmoded as 774.
> otherwise, apache gives forbidden error and logs say:
>
> pcfg_openfile: unable to check htaccess file, ensure it is readable
>
> is there any ways to have .htaccess chmoded as 770?
> what user is "pcfg_openfile" running under?

There is no userid pcfg_openfile -- thats a standard error.  I would
suggest you change those files to be owned by the sam ID as your WWW
server; you can see who this is by using:

lsof -i tcp:80

chown them that id with root as group then chmod them to 0440  --
should make them secure enough.  if there is such as thing as secure
enough.
-- 
WC (Bill) Jones -- http://youve-reached-the.endoftheinternet.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org