search for: mod_ruid

...ntos > I do not know the exact reasoning for wanting each website to be run by a separate Apache process that has it's own user. Likely it's a misunderstanding of actual threats to websites, or using a IIS mindset to set requirements for Apache. I'll give Suexec+fastcgi a look and mod_ruid. Thanks for those suggestions While on subject of Apache security... Another request / idea was to have this CMS under development write user controls to .htaccess files to restrict download access to directories. Typically if I even allow any overrides, I set it so apache can only read .htacces...

...ite/ Add on domain for example an AD Group with write rights. Like "Domain website Admins" give these full control. And something like "Site Admins" for a website, inherit the one before. No hassle with keytabs, changing owner/group. Besited if you want to do that, look at mod_ruid, which allows to run an apache vhost as user. But its what you want. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Bruno Macadré > Verzonden: woensdag 3 augustus 2016 8:20 > Aan: samba at lists.samba.org > Onde...

...;Domain website Admins" give these full control. > >>> And something like "Site Admins" for a website, inherit the one > before. > >>> > >>> No hassle with keytabs, changing owner/group. > >>> Besited if you want to do that, look at mod_ruid, which allows to run > an > >> apache vhost as user. > >>> But its what you want. > >> Thanks again, > >> Greetz, > >> Bruno > >> > >>> Greetz, > >>> > >>> Louis > >>> > >>> >...

...th write rights. > > Like "Domain website Admins" give these full control. > > And something like "Site Admins" for a website, inherit the one before. > > > > No hassle with keytabs, changing owner/group. > > Besited if you want to do that, look at mod_ruid, which allows to run an > apache vhost as user. > > > > But its what you want. > Thanks again, > Greetz, > Bruno > > > Greetz, > > > > Louis > > > > > > > >> -----Oorspronkelijk bericht----- > >> Van: samba [mailto:sa...

It's ok So, if I create a httpuser and an httpgroup in my AD and use these at owner and group for my apache2 daemon, this one could access to userdirs (while permissions granting it) ? But I need to cron 'kinit' to keep valid ticket... ? My local root user always can't access to the share, but my other problem seems to be resolved. Thanks Le 02/08/2016 à 16:37, Rowland