Tuesday, January 10, 2006

Giving Apache What It Wants

In Web development, it's a good idea to give the Web server read/write access to the files/directories it wants to read/write to (and ONLY the server, since giving too much access is an invitation to hackers/crackers/script kiddies), but doing that can be a somewhat ... arcane process. After some web wandering, here's the process I've come up with:

1. Figure out what user/group the server is running as. On Mac OS X boxes, the default is www/www; on Unix boxes I think the default is apache/apache, but it depends on where you are. If you have root access, you can look at Apache's httpd.conf file, which explicitly states which user and group apache runs as. If you don't have root access, then you can look at the Unix process list and see what Apache is running as.

2. Change the file's user and group Use the unix command chown command thusly (assuming the user/group the server is running under is "www"): chown www:www [file], where [file] is the name of the file/directory you're changing. You'll probably need root access to do this as well (something I'm still trying to work around on Nuketown's test server, a Linux box that I don't have root access to).

No comments: