From owner-freebsd-questions@FreeBSD.ORG  Wed Aug 25 10:48:21 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0BE5016A4CE
	for <freebsd-questions@freebsd.org>;
	Wed, 25 Aug 2004 10:48:21 +0000 (GMT)
Received: from skutsje.san.webweaving.org (skutsje.san.webweaving.org
	[209.132.96.45])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E23E043D2F
	for <freebsd-questions@freebsd.org>;
	Wed, 25 Aug 2004 10:48:18 +0000 (GMT)
	(envelope-from dirkx@webweaving.org)
Received: from skutsje.san.webweaving.org (localhost [127.0.0.1])
	i7PAad0p051026
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Wed, 25 Aug 2004 03:36:39 -0700 (PDT)
	(envelope-from dirkx@webweaving.org)
Received: from localhost (dirkx@localhost)i7PAadKV051023;
	Wed, 25 Aug 2004 03:36:39 -0700 (PDT)
	(envelope-from dirkx@webweaving.org)
X-Authentication-Warning: skutsje.san.webweaving.org: dirkx owned process
	doing -bs
Date: Wed, 25 Aug 2004 03:36:39 -0700 (PDT)
From: Dirk-Willem van Gulik <dirkx@webweaving.org>
X-X-Sender: dirkx@skutsje.san.webweaving.org
To: RYAN vAN GINNEKEN <maillist@computerking.ca>
In-Reply-To: <412BB5F1.8030601@computerking.ca>
Message-ID: <20040825033105.X7510@skutsje.san.webweaving.org>
References: <412BB5F1.8030601@computerking.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-questions@freebsd.org
Subject: Re: apache permission problem please help
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Aug 2004 10:48:21 -0000


Apache (propably) runs as the 'www' user and group.

So each file (and path) needs to be readable by

->	the www group
OR	the www users must be a member of the group
	of the diretory
OR	the world

And each directory needs the 'x' access flag set.

See the man pages for chmod, chown and chgrp for more details

Example:

	drwxr-xr-x  10 dirkx  staff            512 Nov 12  2003 swad
	-rw-r--r--   1 dirkx  staff         711332 Sep 24  2003 tabellenWADI.pdf

Can be seen by www (world readable and directory has x)

	drwxr-x--  10 dirkx  staff            512 Nov 12  2003 swad
	-rw-r----   1 dirkx  staff         711332 Sep 24  2003 tabellenWADI.pdf

Cannot be seen by www UNLESS www is a member of 'staff' (i.e. www is in
the staff line in /etc/group).

	drwx----  10 dirkx  staff            512 Nov 12  2003 swad
	-rw-----   1 dirkx  staff         711332 Sep 24  2003  tabellenWADI.pdf

Can never be seen by the web server as it runs as 'www'.

Note that the web server needs to traverse the entire path; so for a file
ro dir /home/dirkx/public_html/index.html check:

	/
	/home
	/home/dirkx
	/home/dirkx/pulic_html

for an x in world/other or the right group
and the file

	/home/dirkx/public_html/index.html

for read. If you want something different read the manual of apache, and
in particular the SUID mode. See also the FAQ of apache.

Dw.