Matty | 1 May 2009 03:28

Re: Hosting Services

On Wed, Apr 29, 2009 at 9:24 AM, Rett Addy <gtrett@...> wrote:
> I am a neophyte to setting up websites and hosting but I have a need to set
> up an informational website with pdf files and mp3 files.  I have already
> purchased some domain names to hold them.
>
> Does anyone have any recommendations for hosting services and tools?  This
> will not be a big site since it is informational.

I've had fantastic luck with Pair networks:

http://www.pair.com/

- Ryan
--
http://prefetch.net
Jeff Hubbs | 1 May 2009 04:22

Re: Grub and auxiliary boot partition

Greg -

I didn't mention the 24 additional disk drives and three 3Ware 8-drive 
controllers because they weren't germane to my question. :) 

I prefer not to rely on RAID for /boot. 

- Jeff

Greg Freemyer wrote:
> Jeff,
>
> I use a 2-disk 3ware controller specifically for my server boot drives.
>
> Seems like a 2-disk controller is about $100 and it prevents you
> worrying about grub issues.
>
> Greg
>
> On Thu, Apr 30, 2009 at 11:21 AM, Jeff Hubbs <jeffrey.hubbs@...> wrote:
>   
>> I have a server with two disks that I use for booting and rooting - sda and
>> sdb.  I partition them like this:
>>
>> |--sda1=/boot-----|--sda2 (type fd)------------------------|
>>
>> |--sdb1=/auxboot--|--sdb2 (type fd)------------------------|
>>
>> sdb1 and sdb2 are made into md0 in kernel RAID 1 and md0 is mounted as /.

David M Lemcoe Jr. | 1 May 2009 13:11

Multi-user web server permissions


Hello hello.

I currently have a server with about 15 people that have domains on
it. When playing around in SSH, I noticed that if I ssh as a user that
was not in his own directory, I could change, edit, and view his files.

What permissions do I need to set in order for other users not to be
able to access others' files, but let Apache access them?

It would make sense to first chown the directory, put all the web
server users in a group, and chmod everything 707.

Apparently this doesn't work.

How would you all recommend I do this?

Thank you!

David
Scott McBrien | 1 May 2009 13:29

Re: Multi-user web server permissions

David,

One could make the apache group the owner, with chgrp, then set the  
permissions to 2750.  But something else to consider would be using  
ACLs, which would permit you to set an acl for the apache user to have  
rx permissions but keep the normal permissions on the files as you  
have them now.  Check out the setfacl and getfacl man pages.

-Scott

On May 1, 2009, at 7:11 AM, "David M Lemcoe Jr." <forum@...>  
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello hello.
>
> I currently have a server with about 15 people that have domains on
> it. When playing around in SSH, I noticed that if I ssh as a user that
> was not in his own directory, I could change, edit, and view his  
> files.
>
> What permissions do I need to set in order for other users not to be
> able to access others' files, but let Apache access them?
>
> It would make sense to first chown the directory, put all the web
> server users in a group, and chmod everything 707.
>
> Apparently this doesn't work.

Jim Kinney | 1 May 2009 13:30

Re: Multi-user web server permissions

NOT 707!!!

Remember the order is user, group, world. So 707 is read/write for
user and world!

Each user's home dir should be set to 700. The files in each home dir,
and sub folders as well should be xx0.

If all the domain users are in the same group (eg. users) then
directory permissions of x7x will allow them to write as well as read
into a directory. Folder perms of x5x will allow read but not write.

Some distros (redhat and variants) have users in their own groups. So
user fred would have primary group fred. This forces shared groups to
be made explicitly and thus avoids a group write security issue.

To recap, the perm options are 1,2,4 for x,w,r. Add them to get the
number for chmod. So a user with rwx, group rx, and world x would be
751.

On Fri, May 1, 2009 at 7:11 AM, David M Lemcoe Jr. <forum@...> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello hello.
>
> I currently have a server with about 15 people that have domains on
> it. When playing around in SSH, I noticed that if I ssh as a user that
> was not in his own directory, I could change, edit, and view his files.
>

Jeff Lightner | 1 May 2009 14:06

Re: Grub and auxiliary boot partition

I can't imagine why anyone would prefer software RAID over hardware RAID
(mirroring at least) on /boot.  For performance reasons alone it would
be preferable and as posted by Greg it allows you to ignore dealing with
grub because grub sees the RAID LUN not the individual disks.

-----Original Message-----
From: ale-bounces@...
[mailto:ale-bounces@...] On Behalf Of Jeff
Hubbs
Sent: Thursday, April 30, 2009 10:23 PM
To: Atlanta Linux Enthusiasts - Yes! We run Linux!
Subject: Re: [ale] Grub and auxiliary boot partition

Greg -

I didn't mention the 24 additional disk drives and three 3Ware 8-drive 
controllers because they weren't germane to my question. :) 

I prefer not to rely on RAID for /boot. 

- Jeff

Greg Freemyer wrote:
> Jeff,
>
> I use a 2-disk 3ware controller specifically for my server boot drives.
>
> Seems like a 2-disk controller is about $100 and it prevents you
> worrying about grub issues.

Jeff Lightner | 1 May 2009 14:08

Re: Multi-user web server permissions

Also make sure you pay attention to the parent directory of these home
directories (typically /home).

-----Original Message-----
From: ale-bounces@...
[mailto:ale-bounces@...] On Behalf Of Jim
Kinney
Sent: Friday, May 01, 2009 7:31 AM
To: Atlanta Linux Enthusiasts - Yes! We run Linux!
Subject: Re: [ale] Multi-user web server permissions

NOT 707!!!

Remember the order is user, group, world. So 707 is read/write for
user and world!

Each user's home dir should be set to 700. The files in each home dir,
and sub folders as well should be xx0.

If all the domain users are in the same group (eg. users) then
directory permissions of x7x will allow them to write as well as read
into a directory. Folder perms of x5x will allow read but not write.

Some distros (redhat and variants) have users in their own groups. So
user fred would have primary group fred. This forces shared groups to
be made explicitly and thus avoids a group write security issue.

To recap, the perm options are 1,2,4 for x,w,r. Add them to get the
number for chmod. So a user with rwx, group rx, and world x would be
751.

Richard Bronosky | 1 May 2009 15:12

Re: firefox bookmark import failures

Or use delicious.com plugin on both. That's the one I prefer.

On Wed, Apr 29, 2009 at 3:52 PM, Harold Bieber
<harold.bieber@...> wrote:
> Setup a "Foxmarks" account. Sync'ed bookmarks across all platforms, it is an
> add-on for FF.
>
> Harold
>
>
> On Wed, Apr 29, 2009 at 11:18 AM, Jim Kinney <jim.kinney@...> wrote:
>>
>> FF 3.0.9 (update needed) imports bookmark folder names but not the
>> folder contents from another firefox bookmarks export. Source is XP
>> firefox export to html. The html has the folders and actual URLs in it
>> but Linux firefox only grabs folder names.
>>
>> WTF?!?!? This is what I get for being too lazy to retype urls.
>>
>> --
>> --
>> James P. Kinney III
>> Actively in pursuit of Life, Liberty and Happiness
>> _______________________________________________
>> Ale mailing list
>> Ale@...
>> http://mail.ale.org/mailman/listinfo/ale
>
>
> _______________________________________________

Brandon Checketts | 1 May 2009 16:18

Re: Multi-user web server permissions

There is no perfect way to do this that I know of.   What I typically do
is to put each user in his own group.  Then set all of the permissions
in their home dir to 750 and add the web server user (ie: apache or httpd)
to that user's group.

The commands would be something like this (note that these exact
commands will destroy any existing permissions, so this could be bad if
your sites need anything special)

# chown -R someuser:someuser /home/someuser
# chmod -R 750 /home/someuser
# lgroupmod --member-add=apache someuser

That should limit one user's ability to read other people's files when
doing anything that depends on system permissions like SSH and FTP.

Another alternative is chrooting SSH and FTP sessions.  Most FTP servers
do this easy enough with one or two lines in a config file.  SSH is a
bit more complicated, but I have had good luck with jailkit
(olivier.sessink.nl/jailkit/) to successfully jail SSH/SCP/SFTP users.

However, the larger problem arises when accessing files through Apache.
Since the web server has to be able to read files from any directory
(ie: that is the whole point), it is not difficult for one user to
create a PHP or CGI script that can read anybody else's files when
accessed through the web server.   There are some attempts at
controlling this, but none that I really like (ie: suexec and running
PHP in CGI mode).

I'd be interested if anybody has some more elegant solutions to the
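The modes discussed in this thread (707 versus 750), as an added example that is not part of the original posts: a shell audit that lists every entry under a hosting root whose "other" permission class has any bit set. The directory layout and the names alice and bob are constructed for the demonstration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example. Directory names and users are constructed for the demo.

# Print "MODE PATH" for every non-symlink under $1 where the "other"
# (world) class has r, w or x set, i.e. the last octal digit is not 0.
world_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec stat -c '%a %n' {} + | sort
}

# Narrower check: entries any local account can modify.
world_writable() {
    find "$1" ! -type l -perm -002 -exec stat -c '%a %n' {} + | sort
}

# Build a throwaway tree: alice uses 750, bob uses 707.
demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/alice/public_html" "$root/bob/public_html"
    echo 'db password' > "$root/alice/public_html/config.php"
    echo 'hello'       > "$root/bob/public_html/index.html"
    chmod -R 750 "$root/alice"
    chmod -R 707 "$root/bob"
    printf '%s\n' "$root"
}

tree=$(demo_tree)
echo "world-accessible entries under $tree:"
world_accessible "$tree"
rm -rf "$tree"
```

Pointed at the real parent of the home directories, an empty result means no account outside the owner and group can reach the files through SSH or FTP; the parent directory itself is included in the walk.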

Robert Reese~ | 1 May 2009 16:59

Re: Multi-user web server permissions

> However, the larger problem arises when accessing files through
> Apache.  Since the web server has to be able to read files from any
> directory (ie: that is the whole point), it is not difficult for
> one user to create a PHP or CGI script that can read anybody else's
> files when accessed through the web server.   There are some
> attempts at controlling this, but none that I really like (ie:
> suexec and running PHP in CGI mode).
>
>
> I'd be interested if anybody has some more elegant solutions to the
> latter problem.

This should be able to be controlled with .htaccess for access via http; the 
user will need to authenticate, of course.  FTP has its own set of permissions, 
controlled by the file and directory permissions, owner, and group just like 
SSH, IIRC.  OTOH, I'm still not a *nix expert so if I'm wrong, anyone please 
correct me.

Cheers,
R~
