Jump to content

[SOLVED] Downloading files unaccessible by Apache

daq

By daq
in Apache HTTP Server

 Share

Recommended Posts

daq Newbie

daq

Posted
Posted

I have a folder that wwwrun (user apache runs as) has no read access to, but I need to be able to download from that folder. I realize that adding wwwrun to users group is dangerous, but that is the only solution I could find for now.

 

I closed http ports on external interface and download files from apache through an SSH tunnel as a security measure while I'm looking for a better solution.

 

Is there any way to give a VHost elevated privileges for one directory?

 

I would really rather not run two apache daemons where one has elevated privileges but cannot be accessed from outside except through SSH tunnel.

 

Any suggestions welcome.

Link to comment
Share on other sites
steviewdr Member

steviewdr

Posted
Posted

I dont have a handy link where it is explained in depth. Im sure its in the apache manual.

 

As for permissions, it uses the underlying file permissions. If its not chmod'd 644 or 755 (i.e. readable by the webserver) it wont be served. Think of the alias as a symlink (ln -s source destination) for apache.

 

-steve

Link to comment
Share on other sites
daq Newbie

daq

Posted
  • Author
Posted

OK, I guess I made the question unclear. While Alias was helpful, I was using symlink to serve the same purpose, my problem was with permissions. The problem still remains. To be honest I was looking for something more like suExec -- I couldn't find a good tutorial on it anywhere.

 

Thanks for your help though.

Link to comment
Share on other sites
steviewdr Member

steviewdr

Posted
Posted

Apologies - I have read your first post more clearly. Thus:

"I have a folder that wwwrun (user apache runs as) has no read access to, but I need to be able to download from that folder".

 

I use suPHP on one of the compsoc servers. It works very well. Php will SU to the owner of the php script, giving different permissions (similar to suEXEC). Note the cgi version of php is required for suPHP to work.

 

More info here: https://wiki.skynet.ie/Users/suPHP and https://wiki.skynet.ie/Admin/SetupGuides/suPHP

 

Rgds,

Steve

Link to comment
Share on other sites
the_oliver Regular Member

the_oliver

Posted
Posted 

<Directory "/usr/local/thefile">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

 

You will find that SELinux will oftern get it the way of these!  However if you have the time to make this work propaly for you it could be very usefull to you.

Link to comment
Share on other sites
daq Newbie

daq

Posted
  • Author
Posted

Thanks, that's exactly what I was looking for!

 

Apologies - I have read your first post more clearly. Thus:

"I have a folder that wwwrun (user apache runs as) has no read access to, but I need to be able to download from that folder".

 

I use suPHP on one of the compsoc servers. It works very well. Php will SU to the owner of the php script, giving different permissions (similar to suEXEC). Note the cgi version of php is required for suPHP to work.

 

More info here: https://wiki.skynet.ie/Users/suPHP and https://wiki.skynet.ie/Admin/SetupGuides/suPHP

 

Rgds,

Steve

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.