Jump to content

[SOLVED] Downloading files unaccessible by Apache

daq

By daq
in Apache HTTP Server

Recommended Posts

daq Newbie

daq

Posted
Posted

I have a folder that wwwrun (user apache runs as) has no read access to, but I need to be able to download from that folder. I realize that adding wwwrun to users group is dangerous, but that is the only solution I could find for now.

 

I closed http ports on external interface and download files from apache through an SSH tunnel as a security measure while I'm looking for a better solution.

 

Is there any way to give a VHost elevated privileges for one directory?

 

I would really rather not run two apache daemons where one has elevated privileges but cannot be accessed from outside except through SSH tunnel.

 

Any suggestions welcome.

steviewdr Member

steviewdr

Posted
Posted

I dont have a handy link where it is explained in depth. Im sure its in the apache manual.

 

As for permissions, it uses the underlying file permissions. If its not chmod'd 644 or 755 (i.e. readable by the webserver) it wont be served. Think of the alias as a symlink (ln -s source destination) for apache.

 

-steve

daq Newbie

daq

Posted
  • Author
Posted

OK, I guess I made the question unclear. While Alias was helpful, I was using symlink to serve the same purpose, my problem was with permissions. The problem still remains. To be honest I was looking for something more like suExec -- I couldn't find a good tutorial on it anywhere.

 

Thanks for your help though.

steviewdr Member

steviewdr

Posted
Posted

Apologies - I have read your first post more clearly. Thus:

"I have a folder that wwwrun (user apache runs as) has no read access to, but I need to be able to download from that folder".

 

I use suPHP on one of the compsoc servers. It works very well. Php will SU to the owner of the php script, giving different permissions (similar to suEXEC). Note the cgi version of php is required for suPHP to work.

 

More info here: https://wiki.skynet.ie/Users/suPHP and https://wiki.skynet.ie/Admin/SetupGuides/suPHP

 

Rgds,

Steve

the_oliver Regular Member

the_oliver

Posted
Posted 

<Directory "/usr/local/thefile">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

 

You will find that SELinux will oftern get it the way of these!  However if you have the time to make this work propaly for you it could be very usefull to you.

daq Newbie

daq

Posted
  • Author
Posted

Thanks, that's exactly what I was looking for!

 

Apologies - I have read your first post more clearly. Thus:

"I have a folder that wwwrun (user apache runs as) has no read access to, but I need to be able to download from that folder".

 

I use suPHP on one of the compsoc servers. It works very well. Php will SU to the owner of the php script, giving different permissions (similar to suEXEC). Note the cgi version of php is required for suPHP to work.

 

More info here: https://wiki.skynet.ie/Users/suPHP and https://wiki.skynet.ie/Admin/SetupGuides/suPHP

 

Rgds,

Steve

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.