You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Subramani, GnanaShekar (GE Healthcare, non-ge)" <Gn...@med.ge.com> on 2005/01/11 22:30:41 UTC
[users@httpd] start/stop apache & change apache configuration
Hi,
I am asked to implement the following for security reasons.
1. A unix user who has the privileges to start/stop apache with read access to its configuration file.
2. A unix user who could change apache configuration but lacks privilege to start/stop apache.
Please provide inputs on how to do this.
Thanks & Regards,
-GnanaShekar-
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] start/stop apache & change apache configuration
Posted by Ralf Glauberman <rg...@michaeli-gymnasium.de>.
why would you want to allow a user to change configuration without allowing
him to test his changes by applying them?
for the first: you will have to use some suexec mechanism.
for the second: apache just want to read its configs. lets say you have a
user foo and your www-user and group for apache. you could say the
httpd.conf is owned by foo:www and has rw-r----- rights.
apache can read its configs, foo can write them, foo can not start/stop
apache as he doesn't have root-rights.
ralf
----- Original Message -----
From: "Subramani, GnanaShekar (GE Healthcare, non-ge)"
<Gn...@med.ge.com>
To: <us...@httpd.apache.org>
Sent: Tuesday, January 11, 2005 10:30 PM
Subject: [users@httpd] start/stop apache & change apache configuration
Hi,
I am asked to implement the following for security reasons.
1. A unix user who has the privileges to start/stop apache with read access
to its configuration file.
2. A unix user who could change apache configuration but lacks privilege to
start/stop apache.
Please provide inputs on how to do this.
Thanks & Regards,
-GnanaShekar-
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] start/stop apache & change apache configuration
Posted by Ralf Glauberman <rg...@michaeli-gymnasium.de>.
don't think it will work, when apache is started by a normal user without
su, it will afaik no be able to bind to port 80, only root can bind ports <=
1024.
ralf
----- Original Message -----
From: "Shashank" <sh...@biochem.okstate.edu>
To: <us...@httpd.apache.org>
Sent: Tuesday, January 11, 2005 10:46 PM
Subject: RE: [users@httpd] start/stop apache & change apache configuration
> Do it this way,
> Apache has various directories for configuration files and binary files.
>
> Make user1 owner of the bin directory.
> prompt> chown -R user1.group /path to apache/bin
>
> Make user2 owner of the conf directory
> prompt> chown -R user2.group /path to apache/bin
>
> chmod 744 /path-to-apache/bin
> chmod 744 /path-to-apache/conf
>
> Make user1 and user2 to be users of the same group, say "apache".
>
> This should solve your problem
>
> S
>
> -----Original Message-----
> From: Subramani, GnanaShekar (GE Healthcare, non-ge)
> [mailto:GnanaShekar.Subramani@med.ge.com]
> Sent: Tuesday, January 11, 2005 3:31 PM
> To: users@httpd.apache.org
> Subject: [users@httpd] start/stop apache & change apache configuration
>
> Hi,
>
> I am asked to implement the following for security reasons.
> 1. A unix user who has the privileges to start/stop apache with read
> access
> to its configuration file.
> 2. A unix user who could change apache configuration but lacks privilege
> to
> start/stop apache.
>
> Please provide inputs on how to do this.
>
> Thanks & Regards,
> -GnanaShekar-
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] start/stop apache & change apache configuration
Posted by Shashank <sh...@biochem.okstate.edu>.
Do it this way,
Apache has various directories for configuration files and binary files.
Make user1 owner of the bin directory.
prompt> chown -R user1.group /path to apache/bin
Make user2 owner of the conf directory
prompt> chown -R user2.group /path to apache/bin
chmod 744 /path-to-apache/bin
chmod 744 /path-to-apache/conf
Make user1 and user2 to be users of the same group, say "apache".
This should solve your problem
S
-----Original Message-----
From: Subramani, GnanaShekar (GE Healthcare, non-ge)
[mailto:GnanaShekar.Subramani@med.ge.com]
Sent: Tuesday, January 11, 2005 3:31 PM
To: users@httpd.apache.org
Subject: [users@httpd] start/stop apache & change apache configuration
Hi,
I am asked to implement the following for security reasons.
1. A unix user who has the privileges to start/stop apache with read access
to its configuration file.
2. A unix user who could change apache configuration but lacks privilege to
start/stop apache.
Please provide inputs on how to do this.
Thanks & Regards,
-GnanaShekar-
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org