Chown owner apache of the directory

[dhutten]

Hello,

At this moment we have a DA server. A customer uses a script (mkdir )that would made automaticly create directories in a folder in his webroot.

The owner of this files won't be their username, but 'apache', so they can't edit or remove these files anymore.

Also the bandwith i on apache and not on the end-user. I here a solution for?

Most recent version of DA

CentOS 4.4

 

[rocketcity]

If you are the admin for the server, you will need to ssh into the server, go to the users home directory and traverse down until you get to the directory that needs to be changed. Then chown the folders to the appropriate user id.

If you are not the server admin, contact the hosting companies support department and submit a request to have this done for you.

Regards

 

[dhutten]

Hi,

i'am the server admin, and at this moment i'm doing it by the ssh session. But this customer makes several folders everyday to store pictures and stuff inside.

So it must be automated, better when the user makes a directorie it shoot be done with his own userID.

Because when someone hacks Apache he has control about several dirs.

I considered a cronjob but that gives server load.

Any one an idea.

 

[floyd]

I do it as a cronjob for all my customers on all my servers with no problem. You can set the nice level on the command to the lowest so that it doesn't interfere with any other server functions.

The other option is to hack the php script so that it chmod's the directories and files to 766 that way the real user can manage them.

Running the cronjob you should also chmod the directories and files to 766 that way apache can still manage them if necessary.

And yet another option is to use suPhp. I think it is supposed to run as the user and not apache.

Oh and one more, you can set up the php script to run as a cgi instead of an apache module and the it will also run as the real user.

The one that is best for you depends on what your skill level is.

 

[dhutten]

I do it as a cronjob for all my customers on all my servers with no problem. You can set the nice level on the command to the lowest so that it doesn't interfere with any other server functions.

The other option is to hack the php script so that it chmod's the directories and files to 766 that way the real user can manage them.

Running the cronjob you should also chmod the directories and files to 766 that way apache can still manage them if necessary.

And yet another option is to use suPhp. I think it is supposed to run as the user and not apache.

Oh and one more, you can set up the php script to run as a cgi instead of an apache module and the it will also run as the real user.

The one that is best for you depends on what your skill level is.

Hi Floyd do you have a print out of that cronjob?

 

[jackc]

find /home -user apache | xargs -i chmod 766 {}

but if there are lots files and directories, it will take lots resources to complete this task, like our server with 100K+ files...pain in the ass.
However thanks to DA, next version file manager will be able to manipulate these files

http://www.directadmin.com/forum/showthread.php?t=6084

 

[floyd]

find /home -user apache | xargs -i chmod 766 {}

This will help with the resources:

nice -n 19 find /home -user apache | xargs -i chmod 766 {}

Also:
nice -n 19 find /home -user apache -exec chmod 766 {} \;

 

[jackc]

thanks floyd, will try that.
how often do you run that cronjob?

 

[floyd]

how often do you run that cronjob?

That would depend on how long it takes to complete. You don't want the next one to start until the first completes. And it also depends on how often files are getting created and how often the users are going to want to manage those files. How long it takes to complete will depend on how many files it need to look at. You might want to just do it on a per user basis and then also maybe only the specific directories that need it.

 

[jackc]

Just tried use it with nice on one of my servers, didn't seem to take that long as expected. but server load still jump from 0.xx to 5. maybe running it on midnight is a good idea.

 

[floyd]

That's weird. Did you also run top while the command was running? Did you confirm that it was running with nice level of 19?

I am watching mine now and the load average went up by only .5. Been running for 5 minutes now. I am using:

nice -n 19 find /home -user apache -exec chmod 766 {} \;

 

[jackc]

I used the xargs, I will try use exec next time.

 

[nobaloney]

We've been creating separate cronjobs for every user that asks for them (and for no one else). We simply change all files in the public_html directory and subdirectories to <username>:<username>.

We run it every minute. We've never seen any server load increase. Probably because we only do it for users who need it.

Jeff

 

[jackc]

IO wait is very high when running this cronjob. is it possible to make it run slower?

 

[floyd]

is it possible to make it run slower

There are a number of ways to make it run slower. Write a script to do the same thing but add in some sleep time.

But if your IO wait is very high chances are there is something else wrong too. Your server is overloaded or the hard drive is going bad or you don't have enough memory.

This command:

nice -n 19 find /home -user apache -exec chmod 766 {} \;

runs in the background letting all others processes go first. The nice level 19 means its basically using unused cpu cycles.

 

[compibot]

We've been creating separate cronjobs for every user that asks for them (and for no one else). We simply change all files in the public_html directory and subdirectories to <username>:<username>.

We run it every minute. We've never seen any server load increase. Probably because we only do it for users who need it.

Jeff

Jeff, would you do it like this ?

nice -n 19 find /home/usuario/domains/sudominio.com -user apache -exec chown usuario.usuario {} \;

 

[nobaloney]

I've never used the nice command in a cronjob run every minute or few minutes. I'm always afraid it'll still be running the next time it comes around. I checked, and it turns out we run the command every ten minutes; that's been often enough.

I think using find is overkill, since you know the directories:

chown -r usario:usario /home/usario/domains/subdominio.com/public_html

(I think that's what we use but I'm not looking right now.)

Jeff