Support

DNSFusion · #1 07-07-2004, 10:10 PM

Hi All,

I have just installed LSWS 1.5 Pro and am having a few issues with permissions.

I created a new virtual host in the admin panel and pointed its home directory to /home/lsws/www.mydomain.com/

The permissions on that folder and all folders below it are:
chmod 760
chown lsws.lsws

The permissions on the files within those folders is:
chmod 640
chown lsws.lsws

The user and group 'lsws' is who i am running the server as, but when i try to browse to one of the files, the web server tells me access is denied.
The only way to rectify this is to make the files chmod 644 which is world readable...

Any Ideas?

mistwang · #2 07-08-2004, 09:06 AM

It is a security feature.
Please read the section about "Strict static file Checking" under http://www.litespeedtech.com/security.html

and http://www.litespeedtech.com/docs/Se...PermissionMask

If you do not want to require world readable bit, set it to "040" to require group readable bit, or set to "000" not to require any thing.

Our take on this is, if you do not want to allow every one on your machine to be able to read a file, you should not allow every one in the world to be able to read it. Make sense? ;-)

George

DNSFusion · #3 07-08-2004, 09:11 AM

I tried setting it to 040, but it killed the admin panel. None of the images would load, and none of the pop-up configuration windows would load either.

I'm guessing its because the rights on the files in the admin panel are something like 604?

The reason i would opt for 640 is because i don't want people on my machine to access it, but i would like the web server to control the access via .htaccess.

mistwang · #4 07-08-2004, 10:26 AM

Quote:

I'm guessing its because the rights on the files in the admin panel are something like 604?

Change them to 644 then, it is caused by the umask setting of "root" user.

Quote:

The reason i would opt for 640 is because i don't want people on my machine to access it, but i would like the web server to control the access via .htaccess.

Actually, as long as the permission of one of the parent directories set to 0750, other users can not access any directory/file under. It is not necessary to set 640 to all files at all.