| Name | Last modified | Size | Description |
|---|---|---|---|
| Parent Directory | - | | |
| README.html | 2012-05-03 07:09 | 2.4K | |
| mpm-itk-perdir-regex.patch | 2011-03-06 23:27 | 4.9K | |

This patch is a supplement for the MPM-ITK patchset, adding the per-directory setting
AssignUserFromPath <path-regex> <user-pattern> <group-pattern>
Using a regex for setting the user and/or group name might seem scary, but it has a number of uses in cases where a hard-coded list of <Directory> clauses would be impractical:
This patch is against MPM-ITK version 2.2.11-02. You might have to knead it a little if you are using a later version of MPM-ITK.
Please Note: This patch has only been briefly tested. Remember to test it rigorously before applying it in a production environment!
<Directory /home>
    AssignUserFromPath "^/home/([^/]+)" www-data $1-web
</Directory>
Note that these patches (just like the normal MPM-ITK) will accept whatever user you give them. Thus, if you create a folder /home/root and use
AssignUserFromPath "^/home/([^/]+)" $1 $1
as the regex, Apache will run as root. You can avoid this by not
creating such a folder, or by always having a special suffix for your
web users (I recommend the latter). Having configuration like
AssignUserFromPath "^/home/([^/]+)" $1-web $1-web
will ensure that the user name ends with “-web”, so that /home/root
would make the user run as «root-web», eliminating the risk of
accidentally running the web server as root or any other system user.
This can be desirable for other reasons as well, since users often want
to have some data in their home directory which is not accessible by
Apache. In such cases, having a special «web» group for web files will
allow the user “foo” to set the group “foo-web” for the files accessible
by the web server, while other files in the home directory can be
private. For a setup where the user has a separate group for web files,
I would recommend a setting like
AssignUserFromPath "^/home/([^/]+)" www-data $1-web
and chgrouping /home/foo/public_html to foo-web. Also make sure that only the owner and group can access the files.
-- Knut Auvor Grythe
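
The mapping described above can be audited before a configuration goes live. This is an added example, not part of the original README or the patch: it models the $1 substitution in Python and reports which account each directory would resolve to. The sample accounts, sample directories, the UID threshold of 1000, the function names and the unanchored-match behaviour are assumptions.

```python
import re

# Constructed sample data, not taken from the README or the patch.
SAMPLE_UIDS = {"root": 0, "daemon": 1, "www-data": 33,
               "alice": 1000, "bob": 1001, "alice-web": 2000}
SAMPLE_DIRS = ["/home/alice/public_html", "/home/bob", "/home/root",
               "/home/daemon/www", "/srv/www"]
MIN_UID = 1000  # assumption: UIDs below this are system accounts


def expand(pattern, match):
    """Replace $N in a user/group pattern with capture group N."""
    def backref(ref):
        n = int(ref.group(1))
        return (match.group(n) or "") if n <= match.re.groups else ""
    return re.sub(r"\$(\d)", backref, pattern)


def audit(path_regex, user_pattern, dirs, uids, min_uid=MIN_UID):
    """Map each matching directory to (resolved user, status)."""
    results = {}
    for path in dirs:
        match = re.search(path_regex, path)  # assumed unanchored match
        if match is None:
            continue  # the directive would not apply to this path
        user = expand(user_pattern, match)
        uid = uids.get(user)
        if uid is None:
            status = "missing"   # no such account in the user database
        elif uid < min_uid:
            status = "system"    # root or another system user
        else:
            status = "ok"
        results[path] = (user, status)
    return results


def risky(results):
    """Directories whose resolved user is a system account."""
    return sorted(p for p, (_, s) in results.items() if s == "system")


if __name__ == "__main__":
    for pat in ("$1", "$1-web"):
        res = audit(r"^/home/([^/]+)", pat, SAMPLE_DIRS, SAMPLE_UIDS)
        for path, (user, status) in res.items():
            print(f"{pat:7} {path:26} -> {user:11} {status}")
```

On a real host, replace the sample tables with the actual directory listing and user database; the same check applies to the group pattern.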