From owner-freebsd-questions@FreeBSD.ORG  Mon Nov 19 17:43:08 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3631916A41A
	for <freebsd-questions@freebsd.org>;
	Mon, 19 Nov 2007 17:43:08 +0000 (UTC)
	(envelope-from gandalf@shopzeus.com)
Received: from viefep20-int.chello.at (viefep20-int.chello.at [62.179.121.40])
	by mx1.freebsd.org (Postfix) with ESMTP id 4FCAD13C45D
	for <freebsd-questions@freebsd.org>;
	Mon, 19 Nov 2007 17:43:07 +0000 (UTC)
	(envelope-from gandalf@shopzeus.com)
Received: from [192.168.1.104] (really [80.99.119.201])
	by viefep20-int.chello.at
	(InterMail vM.7.08.02.00 201-2186-121-20061213) with ESMTP
	id <20071119174259.GYEM15409.viefep20-int.chello.at@[192.168.1.104]>;
	Mon, 19 Nov 2007 18:42:59 +0100
Message-ID: <4741CB22.9000401@shopzeus.com>
Date: Mon, 19 Nov 2007 18:42:58 +0100
From: Laszlo Nagy <gandalf@shopzeus.com>
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)
MIME-Version: 1.0
To: stevefranks@ieee.org, freebsd-questions@freebsd.org
References: <539c60b90711190935m4efdaf6ndecf5224271c24d1@mail.gmail.com>
In-Reply-To: <539c60b90711190935m4efdaf6ndecf5224271c24d1@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: 
Subject: Re: permissions for www acting strangely
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Nov 2007 17:43:08 -0000

Steve Franks wrote:
> Few weeks ago, I installed apache22.  Just wanted to put up some
> family photos.  Whenever I tried to connect, got a "apache doesn't
> have permisson to acess ~/. on this system or somesuch".  The only way
> to get around it appeared to be a chmod 777 on my pic folder (no luck
> with 775!).  Now I restored some stuff from a backup over my photos,
> and now 777 won't work either.  Is there something fundamental about
> permissions I am totally missing?
>   
Look at your apache config file. Most probably, 
/usr/local/etc/apache22/httpd.conf.

Look for "User" and "Group" options - it tells you the user and group 
apache is running under.

Now look at the ownership of your files and directories. Apache needs to 
have rx on directories and r on file to read them.

One common approach for this problem is to set the "set group id" bit on 
your folder containing your photos, and do

chown user1:group1 -R yourfolder


Where:

    user1    - can be you (?)
    group1 - should be the group apache is running under


Well, it is just a bad example. You need to develop your own strategy 
for security. They key is that you also need to check ownership. It is 
not enough to chmod, sometimes you need to chown.

Best,

   Laszlo