December 2002
Intermediate to advanced
588 pages
25h 57m
English
Content preview from Apache: The Definitive Guide, 3rd EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Unix Permissions
If Apache is to work properly, it’s important to correctly set the file-access permissions. In Unix systems, there are three kinds of permissions: read, write , and execute. They attach to each object in three levels: user, group, and other or “rest of the world.” If you have installed the demonstration sites, go to ... /site.cgi/htdocs, and type:
% ls -lYou see:
-rw-rw-r-- 5 root bin 1575 Aug 15 07:45 form_summer.html
The
first - indicates that this is a regular file. It
is followed by three permission fields, each of three characters.
They mean, in this case:
- User (
root) Read yes, write yes, execute no
- Group (
bin) Read yes, write yes, execute no
- Other
Read yes, write no, execute no
When the permissions apply to a
directory, the x execute permission means
scan: the ability to see the contents and move
down a level.
The permission that interests us is other, because the copy of Apache that tries to access this file belongs to user webuser and group webgroup. These were set up to have no affinities with root and bin, so that copy can gain access only under the other permissions, and the only one set is “read.” Consequently, a Bad Guy who crawls under the cloak of Apache cannot alter or delete our precious form_summer.html; he can only read it.
We can now write a coherent doctrine on permissions. We have set things up so that everything in our web site, except the data vulnerable to attack, has owner root and group wheel. We did this partly because it is a ...