
Re: [nslu2-linux] user www an webserver

  • Scott Ruckh
    Message 1 of 3 , Feb 1, 2008
      This is what you said joswennmacker
      > Hi all,
      > I recently installed lighttpd on my slug (unslung 6.8) and created
      > two websites. I use virtual hosting for two sites with two IP-names.
      > Wonderful, so far. The server was however still running as root,
      > which I changed to user www.
      > I created this user from unslung with the adduser command. I also
      > use sftp to update the sites from another machine inside my LAN. I
      > have to be able to update it from outside my LAN, so sftp is a must.
      > After reboot the new user www was changed: it didn't have a password
      > anymore. The passwd file just had an x. I searched the wiki and
      > found that this is normal behaviour, that I should create a user
      > from the Linksys interface. So I deleted my own www user (and www
      > group) and created one from the web interface. I chown'd all the
      > files in my sites to www.www. Wonderful! Both my sites are up and
      > running again.
      > BUT: the Linksys interface sets the shell for www to /dev/null.
      > I did not find a moduser command for unslung, so I cannot change the
      > shell in passwd. So, without a valid shell, I cannot sftp to the
      > slug with user www. I have to use root, and all the files I put to
      > my server are owned by root, so the webserver has no access to it. I
      > first have to chown them before I can start testing.
      > Any solutions? I'm not in any way an experienced Linux user.
      > Thanks in advance.
      > Jos
      >
      In my opinion you probably don't want to give write access to the account
      that runs the web server. Maybe give write access to a few required files
      here and there, but otherwise read-only access. Again, that is just my
      own personal practice. Almost all my files are set to root:lighttpd with
      the mode on the files set to 644 and directories set to 755.

      If you still want to give write access to your 'www' account, you might
      consider installing RSSH (www.pizzashack.org/rssh/) for the shell. In
      this way you can still prevent the 'www' account from having an interactive
      shell, but you can still SCP/SFTP files to your server. Plus it has all
      sorts of configuration settings for configuring the umask and the mode on
      files.

      I personally don't find it all that inconvenient to upload files using a
      normal user account, and using 'sudo' to move my files to the configured
      web folders and again using 'sudo' to set the permissions. It is not like
      you are going to be hosting hundreds of sites on an NSLU2.

      You might also google the chmod command and consider using the sticky bit
      on directories. I have done this in a few cases on folders outside of the
      web directories (like my Music directories), so that I can copy files
      using SMB as any configured SAMBA user and still have the group
      permissions set correctly so that the web server account can read the
      files.

      If you are just looking for convenience, just do as another user suggested
      and just set your desired shell by editing the /etc/passwd file. Just
      remember in almost every instance secure does not mean convenient.
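
The layout described in the reply above (files owned root:lighttpd, mode 644 on files and 755 on directories) can be checked with a short audit function. This is an added example, not part of the original message; the function name, the finding labels and the placeholder path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit a web root against the layout from the reply above
# (owner root, group lighttpd, files 644, directories 755).
# Assumption: paths contain no newlines (findings are one per line).

# audit_webroot ROOT OWNER GROUP
# Prints one line per deviation. Returns 0 if the tree is clean, 1 otherwise.
audit_webroot() {
    root=$1
    owner=$2    # user name or numeric uid the files should belong to
    group=$3    # group name or numeric gid the web server runs under

    findings=$(
        # Any file that is not exactly rw-r--r-- (for example group-writable)
        find "$root" -type f ! -perm 644 | sed 's/^/file-mode-not-644: /'
        # Any directory that is not exactly rwxr-xr-x
        find "$root" -type d ! -perm 755 | sed 's/^/dir-mode-not-755: /'
        # Anything the server account could own, or that left the shared group
        find "$root" \( ! -user "$owner" -o ! -group "$group" \) |
            sed 's/^/wrong-owner-or-group: /'
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage (placeholder path): audit_webroot /path/to/webroot root lighttpd
```

A non-zero return after an upload done as root or through SFTP shows which files still need `chown` or `chmod` before the web server account can read them without being able to modify them.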