[lug] apache vhost / php perms
George Sexton
gsexton at mhsoftware.com
Wed Apr 16 21:50:42 MDT 2008
Hugh Brown wrote:
> George Sexton wrote:
>> SetGID applied to a directory makes any new directories or files
>> created in that directory set to the group of the parent directory.
>>
>> I don't think it's any particular security issue since it's applied to
>> the directory, and the only effect is to make any files or directories
>> owned by the group.
>>
>
> I've done something similar and found that I had to write a cron script
> that would fix the group permissions and make sure that group had
> read/execute where appropriate.
>
> As a test, I just did:
>
> mkdir foo
> chgrp group2 foo
> chmod g+s foo
> cd foo
> rsync -av remote:s* .
>
> ls -l at the foo level had group2 but everything below that level had
> group1 (which is the default group for the user).

That would be because rsync -a implies rsync -p which preserves the
permissions of the source.
Call rsync with the explicit options -a implies, less -p.

>
>
> So, if all of the vhosts share the same parent, you can set a cron
> script to run and do:
>
> chgrp -R apache /vhost/parentdir
> find /vhost/parentdir -type d -exec chmod g+s {} \;
>
> Hugh
--
George Sexton
MH Software, Inc.
Voice: +1 303 438 9585
URL: http://www.mhsoftware.com/
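
Added example (not part of the original thread): a read-only shell audit that reports the two conditions the cron job quoted above repairs, namely directories missing the setgid bit and entries whose group is not the expected one. The function names and the sample tree are constructed for illustration; point `audit_vhost_tree` at a real parent directory and group to use it.

```shell
#!/bin/sh
# Added example: read-only audit for the two conditions the cron job repairs.

# audit_vhost_tree DIR GROUP  (GROUP may be a name or a numeric gid)
# Prints "NOSGID <path>" for directories lacking the setgid bit and
# "WRONGGROUP <path>" for any entry whose group is not GROUP.
audit_vhost_tree() {
    find "$1" -type d ! -perm -2000 -exec printf 'NOSGID %s\n' {} \;
    find "$1" ! -group "$2" -exec printf 'WRONGGROUP %s\n' {} \;
}

# count_findings KIND DIR GROUP -> number of findings of that kind
count_findings() {
    audit_vhost_tree "$2" "$3" |
        awk -v k="$1" '$1 == k { n++ } END { print n + 0 }'
}

# gid_of PATH -> numeric group id of PATH
gid_of() {
    ls -ldn "$1" | awk '{ print $4 }'
}

# make_sample_tree -> path of a constructed tree (not a real vhost layout):
# site/ and site/a carry setgid, site/b has had it cleared.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/site/a" "$t/site/b"
    chmod g+s "$t/site" "$t/site/a"
    chmod g-s "$t/site/b"
    : > "$t/site/a/index.php"   # created under a setgid dir, inherits its group
    echo "$t/site"
}

# Demo on the constructed tree: reports site/b as missing setgid.
tree=$(make_sample_tree)
audit_vhost_tree "$tree" "$(gid_of "$tree")"
rm -rf "${tree%/site}"
```

Run from cron, this can gate the `chgrp -R` and `chmod g+s` pass so that it only fires, or only alerts, when the audit prints something.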