similar to: Apache and web content permissions

Le 02/12/2017 ? 14:19, Leon Fauster a ?crit : > I would build a rpm package of wordpress (everything can be defined > there like permissions etc) The initial question was: WHAT permissions? > and disabling the automatic update > function in wordpress. Build once it can be installed on all (two > dozen) webservers automagically (local yum repository) ... externe That would mean

Hi Niki, The principle to work by here is 'least required access'. There's two functional types of users we care about, the one executing the PHP code (probably apache or php-fpm) and admins like yourself with FTP/shell access. Upstream wordpress documents application write requirements at https://codex.wordpress.org/Hardening_WordPress#File_Permissions - read it to know where the

> Am 02.12.2017 um 10:30 schrieb Nicolas Kovacs <info at microlinux.fr>: > > Hi, > > Until a few months ago, when I had to setup a web server under CentOS, I > assigned (I'm not sure about the correct english verb for "chown"ing) > all the web pages to the apache user and group. To give you an example, > let's say I have a static website under

Hi, I have a series of websites hosted on two CentOS 7 servers, using Apache virtual hosts. One of these servers is a "sandbox" machine, to test things and to fiddle around. On the sandbox server, I have a few dummy websites I'm hosting. # ls /var/www/html/ default phpinfo slackbox-mail slackbox-site unixbox-mail unixbox-site Since Apache is running as system user

Le 02/12/2017 ? 16:25, Brian Mathis a ?crit?: > You could write a script to open the permissions, apply updates using > something like http://wp-cli.org/, then close the permissions again. Run > it through cron so you get updates in a timely manner. Here's a little script I wrote to automatically update Wordpress core, extensions and themes. Works perfectly. I'll run it manually

Hi, I'm currently experimenting with setting up my own Firefox Sync Server on a public server running CentOS 7, following this document: https://mozilla-services.readthedocs.io/en/latest/howtos/run-sync-1.5.html So far I have a partial success. Bookmarks are syncing via the basic internal server running on port 5000, and I can also configure a MySQL database for bookmark storage. What I

Hi, Some time ago I wrote an introductory article about SELinux on my blog. I'm currently updating it for my new blog, and I found a curious change in SELinux policy. Here goes. For demonstration purposes, I'm using some static webpages, more exactly the default pages found in /usr/share/httpd/noindex, which I simply copied over to /var/www/html. As a first practical example, I'm

Hi, Is it possible to configure persistent desktop icons, e. g. shortcuts that users can't delete ? On most of my client desktops, I have some home-made shortcuts, like here for example : http://www.microlinux.fr/configurations.html The shortcut on the lower left corner of the screen launches the public library management system. Most of the users are quite computer-illiterate, and more

Trying to install rails/fcgi/apache2. Following these instructions: http://xmlareas.com/ruby-rails-howto.html Using Fedora Core 4. I installed ruby and ruby-devel using apt-get. Everything under Adding FastCGI (optional) works fine up to the gem install fcgi part. Here is what happens: [root@paulbarry fcgi-2.4.0]# gem install fcgi -r -- -with-fcgi-lib=/usr/local/fcgi/lib

Le 17/11/2019 ? 18:56, Jonathan Billings a ?crit?: > You should never be using ntpdate anymore (which is why the ntp project is deprecating it, http://support.ntp.org/bin/view/Dev/DeprecatingNtpdate <http://support.ntp.org/bin/view/Dev/DeprecatingNtpdate> ). I really only ever suggest ntpd unless you?re running an NTP server that provides NTP service to your network, and needs to

Hi, This question is not exactly CentOS-related strictly speaking, but here goes. I'm running a few newsletter servers for myself and a handful of clients on public CentOS servers with PHPList. For the last twenty years or so I've followed the basic rule that mails should have no formatting whatsoever, only simple text. And now I wonder if that basic rule of netiquette also applies to

I use rsync in a fairly complex scripted situation and am trying to figure out how to avoid changing ownership/permissions just on the directories specified on the command line (but operate normally for everything underneath). I've been using --relative --no-implied-dirs with some success in other situations, but here it still seems to try to chown the last path component of the

I tried using the fake_perms module to set up some read-only profiles and couldn't get it to work. Could someone please point out what I'm doing wrong? I created a copy of my regular [profiles] share with the fake_perms module loaded: [staticprofiles] path = /staticprofiles invalid users = root browseable = yes csc policy = disable veto oplock files = /prf*.tmp/

Been trying to deploy my rails app on Redhat ES3, Apache2, FastCGI with Plesk all day. Fun stuff. Basically, the issue that I can not solve has to do with access to /public. None of my images, javascripts, etc. are working in the app. Trying to access any of these results in a 404 (or routing error if in developer mode). Oddly, the 404 file it displays is -- you guessed it -- in fact *in*

Hi, I've been working with Squid + SquidGuard for a few years, though only on Slackware. I'm currently transferring my proxy expertise to CentOS 7, and right now I'm having a little problem with that. Squid works perfectly so far as a transparent HTTP + HTTPS cache proxy. The next step is to add SquidGuard, so I installed it and edited the most basic /etc/squid/squidGuard.conf file

Hi All - I am running CentOS 7.5 and trying to use certbot. I am getting an error 403 forbidden on the /.well-known/acme-challenge/-CG_gSckofY5ln7TdMvoanDI1_FBRh8otQkyB0hxmoo Some searching indicated permission problems... I also noticed that the /var/www/html directory does not even have the .well-known directory in it. The /var/www/html directory was root:root I changed it to root:apache

I recently installed C7 from a C7+gnome CD. Gnome was awful enough that I promptly installed KDE. KDE is not doing so well either. Text in text editors invoked by "opening" a file is flakey at best. E.g. pieces disappear and duplicate. Terminals seem ok, including vim invoked from the terminal. Firefox text seems ok. The sidebar text in file-browser windows often has "black

I have a site running drupal. The apache user therefore needs to be able to write certain files (CSS files for example). I also have a directory under my web root which is a SAN mount, to which apache must be able to write. What is the most secure way to implement this? I am thinking: chown -R root:apache /var/www/html chmod -R 0750 /var/www/html chown apache:apache for where need to write

Hello, I have a file which varies depending on which OS/version it''s running. I tried to make a nested source parameter like this, but it didn''t work: source => $operatingsystem ? { Debian => "puppet://myserver.com/files/os/debian/etc/ssh/sshd_config", Gentoo => "puppet://myserver.com/files/os/gentoo/etc/ssh/sshd_config", RedHat =>

Hi all, I'm trying to install ssh server based on x509 certificates with no result. What I've done is the following: - Build openssh4.7p1 after patching with openssh-4.7p1+x509-6.1.diff.gz without error using ./configure --prefix=/opt/ssh && make && make install in both server and client machines - Create minimal openssl ca structure under /opt/ssh/etc/ca ( self