Apache Virtual Hosting...

[jajanes]

...I work for an ISP and were looking to migrate to Apache/Linux for hosting vs NT. I am fairly familiar with linux and I've setup a number of test sites to make sure I was familiar with virtual hosting.

I created a standard user account for the person owning the site (the

http://www and

subdirectories were created from /etc/skel), setup apache for the virtual server:

<virtualhost x.x.x.x>
DocumentRoot /home/xxx/

http://www/html

ServerName

http://www.xxx.com

ServerAdmin support@xxx.com
ErrorLog /home/xxx/

http://www/logs/error.log

AgentLog /home/xxx/

http://www/logs/browser.log

TransferLog /home/xxx/

http://www/logs/access.log

RefererLog /home/xxx/

http://www/logs/referer.log

Alias /cgi-bin/ /home/xxx/

http://www/cgi-bin/

</virtualhost>

I then uploaded the files AS that user to the users /home/

http://www/html

directory, CHMOD'ed the files, and restarted the httpd daemon.

All I receive off of the web server is ACCESS DENIED - you don't have permission to view / on this server.

What did I miss? I assume it has something to do with the user because I previously had no trouble (I setup all of the other hosts by ssh'ing in as root and chown -R apache ./html --- and, come to think of it, is that wrong?)

The distrib is an unaltered RedHat 7.2

 

[RhythmAce]

I don't see a directory container for the DocumentRoot or cgi-bin with the Options and directives for those directories so I assume you have them defined globally since the other vhosts are working. The error is saying apache doesn't have access to the DocumentRoot. So it doesn't like the owner or group. You might try chown -R apache:apache *. This will change the owner and group of every directory and file below the current directory to apache. By the way, congrats on moving up to linux. )

 

[jajanes]

Thanks. I did change the owner to user and group apache (sorry, I had forgotten to mention that), and the globals have worked in the past (is this a good idea, or should i define per <Directory>?) One of my problems is this: even if changing the owner solved the problem, I host for customers which means that they would lose ownership (and editing rights) to their files, wouldn't they?

I know these are probably really stupid questions, and I know I should RTFM (if I could find something comprehensive, anyway) - any suggestions on Apache related sites or materials would be greatly appreciated. Obviously I have to understand more about Apache before I can host with it.

 

[RhythmAce]

You could assign all your users to group apache in addition to their regular group. That's a good question though. I don't know how the &quot;Big Boys&quot; do it. )

 

[RhythmAce]

By the way, have you checked out the online manual at

http://www.apache.org

? You should also have it in your manual subdirectory uder your original html directory. For example: /var/

http://www/html/manual/index.html.

If it's there you can open it with your browser.

 

[ifincham]

Hi,

As RhythmAce says, the default way it works is that the permissions needed on the underlying files are those relevant to the userid of the apache process, e.g. 'apache' under redhat and 'nobody' by default. When you are using virtual hosts and allowing user uploads there is an obvious security issue surrounding cgi-scripts that needs to be looked at. If they run as 'apache' they can probably do a lot more than you might want. So, the ideal is to run with the user's own access rights.

You can do this with suEXEC which is now part of apache -->

http://httpd.apache.org/docs/suexec.html

or cgiwrap which is roughly equivalent -->

http://cgiwrap.sourceforge.net/

.

Hope this helps

 

[jajanes]

Thanks, everybody. I'll check it all out. Thank's for the suExec tip! That'll make a big difference.

I wish I didn't have all this $$ tied up into servers, I think I'd just go Cobalt!