Loading ...
Sorry, an error occurred while loading the content.

user www an webserver

Expand Messages
  • joswennmacker
    Hi all, I recently installed lighttpd un my slug (unslung 6.8) and created two websites. I use virtual hosting for two sites with two IP-names. Wonderfull, so
    Message 1 of 3 , Feb 1, 2008
    • 0 Attachment
      Hi all,
      I recently installed lighttpd un my slug (unslung 6.8) and created
      two websites. I use virtual hosting for two sites with two IP-names.
      Wonderfull, so far. The server was however still running as root,
      which I changed to user www.
      I created this user from unslung with the adduser command. I also
      use sftp to update the sites from another machine inside my LAN. I
      have to be able to update it from outside my LAN, so sftp is a must.
      After reboot the new user www was changed: it didn't have a password
      anymore. The passwd file just had an x. I searched the wiki and
      found that this is normal behaviour, that I should create a user
      from the Linksys interface. So I deleted my own www user (and www
      group) and created one from the webinterface. I chown'd all the
      files in my sites to www.www. Wonderfull! Both my sites are up and
      running again.
      BUT: the Linksys interface sets the shell for www to /dev/null.
      I did not find a moduser command for unslung, so I cannot change the
      shell in passwd. So, without a valid shell, I cannot sftp to the
      slug with user www. I have to use root, and all the files I put to
      my server are owned by root, so the webserver has no access to it. I
      first have to chown them before I can start testing.
      Any solutions? I'm not in any way an experienced Linux user.
      Thanks in advance.
      Jos
    • Ben O'Hara
      vi /etc/passswd and change the shell? Ben ... -- A Scientist will earn a living by taking a really difficult problem and spends many years solving it, an
      Message 2 of 3 , Feb 1, 2008
      • 0 Attachment
        vi /etc/passswd and change the shell?

        Ben

        On Feb 1, 2008 2:08 PM, joswennmacker <joswennmacker@...> wrote:
        >
        >
        >
        >
        >
        >
        > Hi all,
        > I recently installed lighttpd un my slug (unslung 6.8) and created
        > two websites. I use virtual hosting for two sites with two IP-names.
        > Wonderfull, so far. The server was however still running as root,
        > which I changed to user www.
        > I created this user from unslung with the adduser command. I also
        > use sftp to update the sites from another machine inside my LAN. I
        > have to be able to update it from outside my LAN, so sftp is a must.
        > After reboot the new user www was changed: it didn't have a password
        > anymore. The passwd file just had an x. I searched the wiki and
        > found that this is normal behaviour, that I should create a user
        > from the Linksys interface. So I deleted my own www user (and www
        > group) and created one from the webinterface. I chown'd all the
        > files in my sites to www.www. Wonderfull! Both my sites are up and
        > running again.
        > BUT: the Linksys interface sets the shell for www to /dev/null.
        > I did not find a moduser command for unslung, so I cannot change the
        > shell in passwd. So, without a valid shell, I cannot sftp to the
        > slug with user www. I have to use root, and all the files I put to
        > my server are owned by root, so the webserver has no access to it. I
        > first have to chown them before I can start testing.
        > Any solutions? I'm not in any way an experienced Linux user.
        > Thanks in advance.
        > Jos
        >
        >



        --
        "A Scientist will earn a living by taking a really difficult problem
        and spends many years solving it, an engineer earns a living by
        finding really difficult problems and side stepping them"
      • Scott Ruckh
        This is what you said joswennmacker ... In my opinion you probably don t want to give write access to the account that runs the web server. Maybe give write
        Message 3 of 3 , Feb 1, 2008
        • 0 Attachment
          This is what you said joswennmacker
          > Hi all,
          > I recently installed lighttpd un my slug (unslung 6.8) and created
          > two websites. I use virtual hosting for two sites with two IP-names.
          > Wonderfull, so far. The server was however still running as root,
          > which I changed to user www.
          > I created this user from unslung with the adduser command. I also
          > use sftp to update the sites from another machine inside my LAN. I
          > have to be able to update it from outside my LAN, so sftp is a must.
          > After reboot the new user www was changed: it didn't have a password
          > anymore. The passwd file just had an x. I searched the wiki and
          > found that this is normal behaviour, that I should create a user
          > from the Linksys interface. So I deleted my own www user (and www
          > group) and created one from the webinterface. I chown'd all the
          > files in my sites to www.www. Wonderfull! Both my sites are up and
          > running again.
          > BUT: the Linksys interface sets the shell for www to /dev/null.
          > I did not find a moduser command for unslung, so I cannot change the
          > shell in passwd. So, without a valid shell, I cannot sftp to the
          > slug with user www. I have to use root, and all the files I put to
          > my server are owned by root, so the webserver has no access to it. I
          > first have to chown them before I can start testing.
          > Any solutions? I'm not in any way an experienced Linux user.
          > Thanks in advance.
          > Jos
          >
          In my opinion you probably don't want to give write access to the account
          that runs the web server. Maybe give write access to a few required files
          here and there, but otherwise read-only access. Again, that is just my
          own personal practice. Almost all my files are set to root:lighttpd with
          the mode on the files set to 644 and directories set to 755.

          If you still want to give write access to your 'www' account, you might
          consider installing RSSH (www.pizzashack.org/rssh/) for the shell. In
          this way you can still prevent the 'www' acount from having an interactive
          shell, but you can still SCP/SFTP files to your server. Plus it has all
          sorts of configuration settings for configuring the umask and the mode on
          files.

          I personally don't find it all that inconvenient to upload files using a
          normal user account, and using 'sudo' to move my files to the configured
          web folders and again using 'sudo' to set the permissions. It is not like
          you are going to be hosting hundreds of sites on an NSLU2.

          You might also google the chmod command and consider using the sticky bit
          on directories. I have done this in a few cases on folders outside of the
          web directories (like my Music directories), so that I can copy files
          using SMB as any configured SAMBA user and still have the group
          permissions set correctly so that the web server account can read the
          files.

          If you are just looking for convenience, just do as another user suggested
          and just set your desired shell by editing the /etc/passwd file. Just
          remember in almost every instance secure does not mean convenient.
        Your message has been successfully submitted and would be delivered to recipients shortly.