[arch-general] How to grant Apache httpd permission to serve files from my home directory?
Hello,
how can I grant Apache httpd permissions to present files out of my home directory?
Especially, I don't want to only serve files from my home folder, and I don't want to give it full root access.
To be more specific, I want to serve a small tutorial project in Python via uWSGI. I guess, first httpd needs the rights to delegate, then uWSGI needs rights to access the scripts. Both are currently running as http:http.
This is not being thought as a permanent solution, just only for "quick & dirty" deployment, as always thinking about copying etc. during learning phase is rather inconvenient.
Kind regards
Peter
Hi Peter,
> how can I grant Apache httpd permissions to present files out of my home directory?
https://httpd.apache.org/docs/2.4/howto/public_html.html isn't exactly what you want, but investigating what it suggests and how it works may lead there.
--
Cheers, Ralph.
Hi Ralph,
thank you for your reply. But a solution for the httpd server will still lack permissions for the uwsgi daemon.
Otherwise, I've noticed some files in my home directory have permissions 755, while others have only 744. For executable scripts, IMHO 755 should be correct, so I set those permissions. But my home directory itself isn't accessible (permissions 710, and it even seems it should have 700), so this doesn't work, either.
I also tried to create a symbolic link to some directory I haven't access to as a normal user (using sudo and chown -h), but this doesn't seem to work, either (I only tried a directory listing).
So far, the problem seems to be that I need to permit access not only to the directories I want to grant it, but also to the parent directories, which is not what I want.
So, is there some other way than to use ACLs (Well, I guess they don't solve the problem with folders hierarchy, but at least they give finer control, hopefully, to what is allowed. The problem with existing permissions is, while my home directory is "protected", everything in it has only loosely assigned restrictions, so opening my home directory for general access seems to be a bad idea ...)?
Kind regards
Peter
On 24.01.19 at 10:57, Ralph Corderoy wrote:
> Hi Peter,
>> how can I grant Apache httpd permissions to present files out of my home directory?
> https://httpd.apache.org/docs/2.4/howto/public_html.html isn't exactly what you want, but investigating what it suggests and how it works may lead there.
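The parent-directory problem described in the message above, as an added example that is not part of the original thread: a small checker that walks a path and reports the first component a given account cannot pass, showing that parent directories only need the search (x) bit, not read. The function names, the `start` parameter and the sample path in the usage comment are assumptions made for illustration; only classic mode bits are evaluated, so ACLs are ignored.

```python
import os
import pwd
import stat
import sys
from pathlib import Path


def class_bits(st, uid, gids):
    """rwx triplet (0-7) that classic mode bits give this uid/gid set."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def first_blocker(path, uid, gids, start="/"):
    """Return (component, reason) for the first path component below `start`
    that uid/gids cannot pass, or None if the target is readable.
    Assumptions: mode bits only (no ACLs, no root override); `start` itself
    is reachable; run by a user who can stat every component."""
    target, cur = Path(path).resolve(), Path(start).resolve()
    for part in target.relative_to(cur).parts:
        cur = cur / part
        st = os.stat(cur)
        if cur != target:
            need, what = 0o1, "search (x)"         # parents: traverse only
        elif stat.S_ISDIR(st.st_mode):
            need, what = 0o5, "read+search (r-x)"  # listing a directory
        else:
            need, what = 0o4, "read (r)"           # reading the file
        if (class_bits(st, uid, gids) & need) != need:
            return str(cur), f"missing {what}, mode {stat.S_IMODE(st.st_mode):o}"
    return None


def identity(user):
    """uid and full group set of a local account such as 'http'."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid))


if __name__ == "__main__":
    # usage (constructed path): python3 pathcheck.py /home/peter/tutorial/foobar.py http
    uid, gids = identity(sys.argv[2])
    print(first_blocker(sys.argv[1], uid, gids) or "readable")
```

With a home directory at mode 710 the checker names that directory as the blocker for an account outside its group; the same account passes once it is in the group or the directory is 711.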
Okay, found my problem ... reading docs too quickly. ;-)
From the docs: "The emperor is normally run as root, setting the UID and GID in each instance’s config."
Obviously, it needs to have root access to be able to set the user for each vassal, so I may not change the emperor's uid and guid.
Kind regards
Peter
On 24.01.19 at 10:57, Ralph Corderoy wrote:
> Hi Peter,
>> how can I grant Apache httpd permissions to present files out of my home directory?
> https://httpd.apache.org/docs/2.4/howto/public_html.html isn't exactly what you want, but investigating what it suggests and how it works may lead there.
On 24/01/2019 10:35, Peter Nabbefeld wrote:
> Hello,
> how can I grant Apache httpd permissions to present files out of my home directory?
> Especially, I don't want to only serve files from my home folder, and I don't want to give it full root access.
> To be more specific, I want to serve a small tutorial project in Python via uWSGI. I guess, first httpd needs the rights to delegate, then uWSGI needs rights to access the scripts. Both are currently running as http:http.
> This is not being thought as a permanent solution, just only for "quick & dirty" deployment, as always thinking about copying etc. during learning phase is rather inconvenient.
> Kind regards
> Peter
Serving from /srv is not any more inconvenient really, you could set it up as a git remote and git push to it (or whatever vcs you prefer), or have your editor automate the copy.
On 24/01/2019 09:35, Peter Nabbefeld wrote:
> To be more specific, I want to serve a small tutorial project in Python via uWSGI. ... This is not being thought as a permanent solution, just only for "quick & dirty" deployment
uWSGI will run as a non-privileged user so you can run it as yourself and point it to the application. Serve on a port higher than 1024 and there's no reason you need root-level privileges [1]:
    uwsgi --http :9090 --wsgi-file foobar.py
Python even has its own built-in web server, `python -m http.server` if you want to play with serving HTML etc. [2]
It's obviously not how you would do it in production, but for a quick test or local development it seems like the easiest solution.
J
[1] https://uwsgi-docs.readthedocs.io/en/latest/WSGIquickstart.html#deploy-it-on...
[2] https://docs.python.org/3/library/http.server.html
participants (4)
- Jonathon Fernyhough
- Mr.Elendig
- Peter Nabbefeld
- Ralph Corderoy