UNIX for Dummies Questions & Answers: Permissions of the folder var/www
Post 302455485 by fpmurphy on Tuesday 21st of September 2010 08:01:35 PM
An alternative, but more fine-grained, approach would be to use access control lists (ACLs) to control write access to /var/www to specific users.
 

MAILDIRACL(1)                 Double Precision, Inc.                 MAILDIRACL(1)

NAME
       maildiracl - manage access control lists

SYNOPSIS
       maildiracl {-reset} {maildir}
       maildiracl {-list} {maildir} {INBOX[.folder]}
       maildiracl {-set} {maildir} {INBOX[.folder]} {[-]identifier} {[+/-]rights}
       maildiracl {-delete} {maildir} {INBOX[.folder]} {[-]identifier}
       maildiracl {-compute} {maildir} {INBOX[.folder]} {identifier...}

DESCRIPTION
       maildiracl manages "access control lists" (or ACLs) of the Courier IMAP server maildir folders. Access control lists are used primarily to provide fine-grained control for accessing virtual shared folders via IMAP.

       Note
           The Courier IMAP server implements two types of shared folders: filesystem permission-based shared folders, as well as virtual shared folders based on IMAP access control lists. Use the maildiracl command to set up access control lists for virtual shared folders. Use the maildirmake(1)[1] command to implement shared folders based on filesystem permissions. See the Courier IMAP server documentation for additional information on setting up virtual shared folders.

   ACL overview
       ACLs provide a fine-grained mechanism for controlling access to shared folders. ACLs may be used to specify, for example, that user1 may only open and read the messages in the folder; and user2 can not only do that, but also delete messages, and create subfolders.

       Each folder maintains its own individual access control list, that specifies who can do what to the folder. An ACL is a list of "identifier" and "rights" pairs. Each "identifier" and "rights" pair means that an entity called "identifier" (using the UTF-8 character set) is allowed to do "rights" on this folder. "rights" consists of one or more letters, each letter signifies a particular action:

       a      identifier may modify this folder's ACLs.
       c      identifier may create subfolders of this folder (this includes renaming another folder as this folder's subfolders).
       e      identifier may remove deleted messages from this folder.
       i      identifier may add messages to this folder (either uploading them one by one, or copying messages from another folder).
       l      identifier may actually see that this folder exists. If identifier does not have the "l" right on this folder, the folder is effectively invisible to identifier.
       r      identifier may open this folder. Note that if identifier knows the name of this folder, it can open it even if identifier does not have the "l" right on this folder.
       s      identifier may mark messages in this folder as seen, or unseen.
       t      identifier may mark messages in this folder as deleted, or undeleted.
       w      identifier may change other status flags of messages in this folder. May also add or remove custom keywords on individual messages.
       x      identifier may delete this folder (which includes renaming this folder as another mailbox's subfolder).

   Negative rights
       An ACL entry of "-identifier" and "rights" is called a "negative right", which explicitly removes "rights" from "identifier". More than one "identifier" is usually used to determine the actual rights someone has for the given folder. The actual access rights are determined by taking all rights from all applicable identifiers, then subtracting any negative rights, as specified in the following section.

   Identifiers
       Access rights on a given folder are computed by obtaining the rights on the following identifiers, then subtracting the negative rights on the same identifiers:

       owner
           The owner of the maildir containing this folder. The maildir's INBOX's ACL defaults to all rights for its owner. A new folder's ACL is the same as its parent's ACL. In all cases, trying to remove the "a" right from the owner (either directly or using a negative right) results in an error.

       anyone
           This identifier refers literally to every userid. The associated rights (or negative rights) are always used.

       anonymous
           This is a synonym for "anyone".

       user=loginid
           Rights (or negative rights) for IMAP account "loginid".

           Note
               "loginid" is what's logged to syslog after a successful login. In some situations "loginid" is not exactly the actual login ID used by the IMAP client.

       group=name
           Rights (or negative rights) for account group "name". Access rights are granted to an account group as a whole. The account options feature of the Courier Authentication Library specifies which account belongs to which account group. See courier-authlib's documentation for more information.

       administrators
           This is an alias for "group=administrators". Accounts that are members of an account group called "administrators" are considered administrative accounts, and automatically receive all access rights on all accessible folders.

       Consider the following access control list:

           owner           aceilrstwx
           anyone          lr
           user=john       w
           -user=mary      r
           administrators  aceilrstwx

       This access control list specifies that the folder's owner has complete control over the mailbox (as well as the administrators, which have complete access to every folder); everyone else can see it and open it, except for "mary" who can see that the mailbox exists, but can't open it; additionally, "john" can change the status and keywords of individual messages (but not mark them as deleted/undeleted or seen/unseen, which requires additional rights).

OPTIONS
       maildiracl -reset maildir
           This command resets access control lists in maildir, which is a path to a maildir. Under certain conditions, the files where a folder's ACLs are saved may continue to exist after the folder is removed. The -reset option goes through maildir and removes all stale ACL files for removed folders.

           Note
               The Courier IMAP server normally performs this maintenance function automatically. It is not necessary to run this command under normal conditions.

       maildiracl -list maildir folder
           This command lists the access control lists set for folder. folder must be either "INBOX" or "INBOX.folder.subfolder", which is the same naming convention for the Courier IMAP server.

       maildiracl -set maildir folder identifier rights
           Puts identifier (which may begin with a minus sign to specify a negative right) and rights in folder's access control list. Existing rights for identifier (or -identifier) are replaced by rights unless "rights" begins with "+" or "-", which modifies the existing rights by adding or removing from them accordingly. Some examples:

               maildiracl -set /home/user1/Maildir INBOX.Sent user=john lr
               maildiracl -set /home/user2/Maildir INBOX.Notes anyone -r
               maildiracl -set /home/user3/Maildir INBOX.Private -user=tom +r

           Note
               Observe that the last command revokes the "r" right from "tom", by adding it as a negative right.

       maildiracl -delete maildir folder identifier
           This command removes identifier from folder's access control list, if it exists. Use "-identifier" to remove negative rights.

       maildiracl -compute maildir folder [identifier]+
           This command takes a list of one or more identifiers. All access rights for the identifiers are combined together, then any appropriate negative rights are removed, and the result is printed on standard output.

           Use the following procedure to compute access rights the same way as they are computed by the Courier IMAP server:

               maildiracl -compute /home/tom46/Maildir INBOX.Sent owner user=tom46

           This command computes access rights "tom46" has on his own folder.

               maildiracl -compute /home/john34/Maildir INBOX.Public user=tom46

           This command computes access rights "tom46" has on "john34"'s folder.

IRREVOCABLE ACCESS RIGHTS
       The owner of the mailbox must always have the "a" and "l" access rights. The administrators group must always have all access rights to all folders. Attempts to set access control lists that do not include these minimum access rights will be rejected.

BUGS
       All identifiers are specified using the UTF-8 character set. All non-Latin letters in folder names are specified using the modified-UTF7 coding as used in IMAP.

       This implementation of access control lists is based on version 2 (or "ACL2") of IMAP access control lists, which is a work-in-progress. The existing IMAP ACL, RFC 2086[2], is transparently implemented inside the ACL2 model. If history is any guide, ACL2 is subject to change at any time. Be sure to check the release notes when upgrading to a newer version of this software.

       The "ACL overview" portion of this manual page is a very brief summary of ACL2, which leaves out optional parts of ACL2 that are not implemented.

SEE ALSO
       maildirmake(1)[1], maildirkw(1)[3].

AUTHOR
       Sam Varshavchik
           Author

NOTES
        1. maildirmake(1)
           [set $man.base.url.for.relative.links]/maildirmake.html

        2. RFC 2086
           http://www.rfc-editor.org/rfc/rfc2086.txt

        3. maildirkw(1)
           [set $man.base.url.for.relative.links]/maildirkw.html

Courier Mail Server                    08/31/2011                    MAILDIRACL(1)
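
The rights computation described under "Identifiers" and `maildiracl -compute`, modelled in Python on the example ACL from this manual page. This is an added illustration, not Courier's code; the function names and the treatment of administrators as an unconditional grant of all rights are assumptions drawn from the text above.

```python
# Added illustration of the man page's rights computation; not Courier's implementation.
ALL_RIGHTS = "aceilrstwx"
# The example ACL from the DESCRIPTION section, as "identifier rights" lines.
EXAMPLE_ACL = """\
owner aceilrstwx
anyone lr
user=john w
-user=mary r
administrators aceilrstwx
"""

def normalize(identifier):
    """Map the documented aliases onto one canonical identifier."""
    neg = identifier.startswith("-")
    name = identifier[1:] if neg else identifier
    if name == "anonymous":          # synonym for "anyone"
        name = "anyone"
    elif name == "administrators":   # alias for "group=administrators"
        name = "group=administrators"
    return ("-" if neg else "") + name

def parse_acl(text):
    """Parse 'identifier rights' lines into {identifier: set(rights)}."""
    acl = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        identifier, rights = line.split()
        unknown = set(rights) - set(ALL_RIGHTS)
        if unknown:
            raise ValueError(f"unknown rights {sorted(unknown)} in {line!r}")
        acl[normalize(identifier)] = set(rights)
    return acl

def compute(acl, identifiers):
    """Union the positive rights of all applicable identifiers, then
    subtract every negative right recorded for the same identifiers."""
    applicable = {normalize(i) for i in identifiers} | {"anyone"}  # always used
    if "group=administrators" in applicable:
        return ALL_RIGHTS            # administrators receive all rights
    granted, denied = set(), set()
    for ident in applicable:
        granted |= acl.get(ident, set())
        denied |= acl.get("-" + ident, set())
    return "".join(r for r in ALL_RIGHTS if r in granted - denied)

if __name__ == "__main__":
    for who in (["user=mary"], ["user=john"], ["owner", "user=tom46"]):
        print(who, "->", compute(parse_acl(EXAMPLE_ACL), who))
```

When auditing a shared folder, run the real `maildiracl -compute` with the same identifier list and compare; a difference means the stored ACL is not what you expect.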