Owner of virtual host

[fugtruck]

I have an apache server with multiple virtual hosts and I would like to configure the owner of the files & directories for each virtual host to be different from each other (which will not be the user apache), similar to how cPanel or Plesk is setup. But the closest I can get is with suexec and being able to specify what user CGI scripts will run under. But this isn't exactly what I am after.

Any suggestions?

 

[Noway2]

I may have mis-interpreted your post, so please forgive me if my response is to simplistic.

In the virtual host declaration, you can set the document root to a path that belongs to a user. The site definition files there can be owned by the user rather than apache or root. As far as I can tell, there is no problem running scripts from these other locations.

 

[fugtruck]

So, I have a file /etc/httpd/conf/vhosts/my_site.conf that is owned by the user that I want the site files to belong to. And in my httpd.conf file, I have "Include conf/vhosts/*.conf". But files in my_site's document root that are owned by the same user that my_site.conf are owned by get "Error 403: Forbidden" when I try to browse to them. Files owned by the user apache still load fine.

So, did I misunderstand your suggestion?

 

[Noway2]

I think we are on the same page

It looks like there is a permissions error. My suspicion is that Apache may not be able to read either the vhost configuration files and or the site definition files.

All I did to move the location for the web page files was alter the document root. I left the vhost configuration to the default.

One thing I would look at is your include. Of course, verify the permissions (can Apache access it) but also that it looks like it has a relative path since it starts with conf. Try making it an absolute path. I presume relative to /etc/httpd/

Lastly, make sure that .htaccess or the vhost declaration file doesn't have a bug that blocks all access to the site.

 

[fugtruck]

I'm not sure what you mean by site definition files. But I'm certain that Apache is able to read the vhost configuration file, as the site does come up, just Apache can't read documents not owned by the user apache.

Here is what I mean by that. The document root for this site is /var/

http://www/my_site.

In the my_site folder there are two documents, file1.html and file2.html. file1.html is owned by apache and file2.html is owned by the user that the my_site.conf file is owned by. I can go to

http://my_site/file1.html

and it comes up file. But

http://my_site/file2.html

gives a "403 Forbidden" error.

There are no .htaccess files for this site. Here is what I have in my_site.conf file:

<VirtualHost 192.168.0.10:80>
ServerName my_site.mydomain.com
DocumentRoot /var/

http://www/my_site

ErrorLog /var/log/httpd/my_site-error_log
LogLevel error
TransferLog /var/log/httpd/my_site-access_log
<Directory "/var/

http://www/my_site">

Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
SuexecUserGroup my_site my_site
</VirtualHost>

 

[Noway2]

All is becoming clear now. Since page1 serves this does confirm that the vhost configuration is not the problem. I think this may be a matter of file permissions.

Simple question: what are the permissions of file1.html and file2.html? On file two, make sure that 'O'thers have read access. I would recommend 644 as the permissions mask. You might also need to make sure that the directory (X) is accessible by 'O'thers too.

Apache will serve up a file as long as it has read permission to it, even if it isn't owned by the apache user. Typically, in a public system, I keep the files owned by root (the only write access) as an added security measure.

 

[fugtruck]

That's it. Thanks!

 

[Noway2]

Your welcome. Happy to have helped!