[lug] sudoers limitations?
Jeff Schroeder
jeff at neobox.net
Sun Jul 3 09:47:56 MDT 2005
Dave asked:
> Is there any other way to do this besides having him host his wiki in
> /home/dude/www/? I have never looked into configuring apache to
> look in user www directories, although I have heard that this is
> preferable to the /var/www route.
I think the solution here is to set up your web sites to use accounts
in, say, /home. If you have three sites on your machine: you, me, and
dude, then you might have:
/home/you/www
/home/me/www
/home/dude/www
I'm a fan of name-based virtual hosting, so you'd then have something
like this in your httpd.conf file:
NameVirtualHost 192.168.1.100
<VirtualHost you.com>
ServerName you.com
DocumentRoot /home/you/www
</VirtualHost>
<VirtualHost me.com>
ServerName me.com
DocumentRoot /home/me/www
</VirtualHost>
<VirtualHost dude.com>
ServerName dude.com
DocumentRoot /home/dude/www
</VirtualHost>
Add other options to each host as needed. Of course you'll need to make
sure Apache understands what you.com, me.com, and dude.com are; I
usually just put entries into my /etc/hosts file:
192.168.1.100 you.com
192.168.1.100 me.com
192.168.1.100 dude.com
Finally, I assume your Apache is running as the user "nobody" or
"www" (a good idea, and probably the default). You can chmod the /home
directories so that the user can edit the files, Apache can read them,
and no other user can see them:
chmod 705 /home/*
This assumes all users are in the "users" group, which is different from
the "nobody" or "www" group. You've made the directories read-write
for the users, readable to the world, but *not* accessible to anyone
else in the "users" group.
There may be ways to improve this setup, but I've been using it for
years with great success.
HTH,
Jeff
More information about the LUG
mailing list