Running Web Sites Under Multiple User Accounts with mod_itk
Published November 28th, 2008
Problem Statement
When lots of people are working on the same Apache Web server running multiple virtual hosts, creating an effective and secure file/dir permission schema is difficult using Linux’s simplistic user/group concepts. Here we will show you how you can run Apache using different Linux user accounts so that each virtual host runs using its owner’s file/dir permissions. This effectively makes each of the virtual hosts more secure, as files accessible (r+w) to one virtual host are not accessible from another.
Step 1: Installing mod_itk source
The mod_itk module is available as a source patch for the Apache Web server source distribution. So if you are running Apache from an RPM distribution, you cannot use it. It is for those of us who love to compile Apache from the source distribution. We will assume you have compiled and installed Apache from a source distribution and the source code is kept at /usr/local/src/httpd-[version]. Follow the steps below:
- Download the mod_itk patch file from http://mpm-itk.sesse.net/.
- Change directory to your Apache source distribution and run
    patch -p1 < /path/to/[downloaded patch file]
  and run
    autoconf
- Edit your config.nice and add:
    "--with-mpm=itk" \
  before the last line. Here is a sample config.nice:
    #! /bin/sh
    #
    # Created by configure

    "./configure" \
    "--prefix=/home/apache" \
    "--enable-so" \
    "--with-ssl=/usr" \
    "--enable-ssl" \
    "--enable-deflate" \
    "--disable-cgi" \
    "--enable-rewrite" \
    "--disable-userdir" \
    "--with-mpm=itk" \
    "$@"
- Compile and install Apache as follows:
    ./config.nice && make && make install
Step 2: Configuring your virtual host using a specific user account
Now create a new Linux user and group (or use an existing one) for the virtual host that you want to run using a specific user account. Then follow the steps below:
- Change file/directory ownership of your virtual host’s document root to the chosen Linux user
- Edit your virtual host configuration file and add the following lines:
    <IfModule mpm_itk_module>
        AssignUserId [username] [groupname]
    </IfModule>
- Now restart Apache and access your Web site via a Web browser
- On the server’s command-line, run:
    ps auxww | grep httpd
  and notice that one or more processes are run using the chosen username.
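A check for the result of Step 2, as an added example that is not part of the original article: it reads a virtual host configuration file and reports virtual hosts with no AssignUserId, and document-root files that are not owned by the assigned user or are still accessible to other accounts. The function names, the NOUSER/OWNER/WORLD labels and the sample files are this example's own, and it assumes one directive per line.

```shell
#!/bin/sh
# Added example (not from the original article): audit mpm-itk vhost isolation.
# Findings: NOUSER = vhost has no AssignUserId (runs as the default server user)
#           OWNER  = path under DocumentRoot not owned by the assigned user
#           WORLD  = path under DocumentRoot with any "other" permission bit set

# list_vhosts CONF: print "<start line>|<DocumentRoot>|<AssignUserId user>" per vhost.
# Assumes one directive per line and no spaces or "|" in DocumentRoot.
list_vhosts() {
    awk '
        tolower($1) ~ /^<virtualhost/ { inside = 1; start = NR; root = ""; user = "" }
        inside && tolower($1) == "documentroot" { root = $2; gsub(/"/, "", root) }
        inside && tolower($1) == "assignuserid" { user = $2 }
        tolower($1) ~ /^<\/virtualhost/ && inside { print start "|" root "|" user; inside = 0 }
    ' "$1"
}

# audit_vhosts CONF: print one finding per line; print nothing when all is clean.
audit_vhosts() {
    list_vhosts "$1" | while IFS='|' read -r line root user; do
        if [ -z "$user" ]; then
            echo "NOUSER vhost@line$line"
        elif [ -d "$root" ]; then
            find "$root" ! -user "$user" -print | sed 's/^/OWNER /'
            # Symlinks are skipped: their own mode bits are always rwxrwxrwx.
            find "$root" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
                sed 's/^/WORLD /'
        fi
    done
}

# With a config path, audit it. With no argument, audit a constructed sample.
if [ $# -gt 0 ]; then
    audit_vhosts "$1"
else
    demo=$(mktemp -d)
    mkdir "$demo/site1" && chmod 700 "$demo/site1"
    echo secret > "$demo/site1/db.php" && chmod 644 "$demo/site1/db.php"
    # Numeric ids keep the constructed sample portable; a real config names the account.
    printf '%s\n' '<VirtualHost *:80>' "DocumentRoot $demo/site1" \
        "AssignUserId $(id -u) $(id -g)" '</VirtualHost>' \
        '<VirtualHost *:80>' "DocumentRoot $demo/site1" '</VirtualHost>' > "$demo/vhosts.conf"
    audit_vhosts "$demo/vhosts.conf"   # reports WORLD for db.php and NOUSER at line 5
    rm -rf "$demo"
fi
```

Run it as root so that find can descend into every document root.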
liz on December 2, 2008
I have gone through it.