Mailing List Archive

> From: Fred Atkinson [mailto:fatkinson@mishmash.com]

> Would it be feasible to do this by installing Apache under the
> root user then creating these subdirectories and giving ownership of
> the subdirectory to the individual user?

Apache should be installed and owned by root. However, the DocumentRoot's
for the various servers can be owned by anyone you want. It is not
necessary for the DocumentRoot's to be subdirectories of the Apache
installation. You can install Apache to /usr/local/apache and still point
the DocumentRoot's at /www/whatever.

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

> From: Richard Shade [mailto:rshade98@hotmail.com]

> I believe that apache should be owned by a non root user such as
> apache,nobody,ncsa,httpd or johndoe with no permission to login
> then point
> the doc root to whatever you want.

Hmmm... We are being a little vague when we talk about "apache" being owned
by a paritcular user. If we are talking about the apache binary, then it
should *not* be owned by an unpriveleged user. It should be owned by root.
The "User" and "Group" specified in httpd.conf should be set to an
unpriveleged user, but that is a very different thing.

For more details:
http://httpd.apache.org/docs/misc/security_tips.html

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

On Sat, 29 Dec 2001 20:48 -0500 (EST)
Fred Atkinson Fred Atkinson <fatkinson@mishmash.com> wrote:

> >> From: Richard Shade [mailto:rshade98@hotmail.com]
> >
> >> I believe that apache should be owned by a non root user such
> as
> >> apache,nobody,ncsa,httpd or johndoe with no permission to login
> >> then point
> >> the doc root to whatever you want.
> >
> >Hmmm... We are being a little vague when we talk about "apache"
> being owned
> >by a paritcular user. If we are talking about the apache
> binary, then it
> >should *not* be owned by an unpriveleged user. It should be
> owned by root.
> >The "User" and "Group" specified in httpd.conf should be set to
> an
> >unpriveleged user, but that is a very different thing.
> >
> >For more details:
> >http://httpd.apache.org/docs/misc/security_tips.html
> >
> >Joshua.
>
> What I am getting at is running Apache. Then, creating
> multiple
> domains and directories to point them at. Next, assigning each
> subdirectory
> to a different user so each user can update their files to manage
> their
> Web site. Each user would exercise exclusive control over their
> files
> but Apache would be running under a separate user (perhaps root).
>
>
> Fred

Fred,

What you want to do is possible and is done every day. Install and
run Apache like Joshua says. Each "virtual host" can be in control
of their own space. However, you also need to set up some other
things that will allow that. You need to set up an FTP server ...
or provide another way to upload files. You need to provide telnet
(bad choice) or ssh. You need to set up a way for each user to keep
out of everyone else's space.

I think that a good place to start reading might be
http://httpd.apache.org/docs/misc/vif-info.html

--
Raquel
============================================================
Words are plentiful, but deeds are precious.
--Lech Walesa




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

m yweb host has it owned by root and has no security issues, i even get
to execute scripts as root!

Joshua Slive wrote:
>
> > From: Richard Shade [mailto:rshade98@hotmail.com]
>
> > I believe that apache should be owned by a non root user such as
> > apache,nobody,ncsa,httpd or johndoe with no permission to login
> > then point
> > the doc root to whatever you want.
>
> Hmmm... We are being a little vague when we talk about "apache" being owned
> by a paritcular user. If we are talking about the apache binary, then it
> should *not* be owned by an unpriveleged user. It should be owned by root.
> The "User" and "Group" specified in httpd.conf should be set to an
> unpriveleged user, but that is a very different thing.
>
> For more details:
> http://httpd.apache.org/docs/misc/security_tips.html
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

>> From: Richard Shade [mailto:rshade98@hotmail.com]
>
>> I believe that apache should be owned by a non root user such as
>> apache,nobody,ncsa,httpd or johndoe with no permission to login
>> then point
>> the doc root to whatever you want.
>
>Hmmm... We are being a little vague when we talk about "apache" being owned
>by a paritcular user. If we are talking about the apache binary, then it
>should *not* be owned by an unpriveleged user. It should be owned by root.
>The "User" and "Group" specified in httpd.conf should be set to an
>unpriveleged user, but that is a very different thing.
>
>For more details:
>http://httpd.apache.org/docs/misc/security_tips.html
>
>Joshua.

What I am getting at is running Apache. Then, creating multiple
domains and directories to point them at. Next, assigning each subdirectory
to a different user so each user can update their files to manage their
Web site. Each user would exercise exclusive control over their files
but Apache would be running under a separate user (perhaps root).



Fred


>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

You don't need virtual domains if you just want to offer a web page for the
people who have accounts on your box. You just need to set the UserDir
directive to public_html. They can access their web pages at
www.yourdomain.com/~user_name.

BTW, what is Linux 7.0?

Darren

----- Original Message -----
From: "Fred Atkinson" <fatkinson@mishmash.com>
To: <users@httpd.apache.org>
Sent: Saturday, December 29, 2001 7:48 PM
Subject: RE: Best way to do this


> >> From: Richard Shade [mailto:rshade98@hotmail.com]
> >
> >> I believe that apache should be owned by a non root user such as
> >> apache,nobody,ncsa,httpd or johndoe with no permission to login
> >> then point
> >> the doc root to whatever you want.
> >
> >Hmmm... We are being a little vague when we talk about "apache" being
owned
> >by a paritcular user. If we are talking about the apache binary, then
it
> >should *not* be owned by an unpriveleged user. It should be owned by
root.
> >The "User" and "Group" specified in httpd.conf should be set to an
> >unpriveleged user, but that is a very different thing.
> >
> >For more details:
> >http://httpd.apache.org/docs/misc/security_tips.html
> >
> >Joshua.
>
> What I am getting at is running Apache. Then, creating multiple
> domains and directories to point them at. Next, assigning each
subdirectory
> to a different user so each user can update their files to manage their
> Web site. Each user would exercise exclusive control over their files
> but Apache would be running under a separate user (perhaps root).
>
>
>
> Fred
>
>
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP Server
Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

On Sun, 30 Dec 2001 12:36, Webmaster wrote:
> m yweb host has it owned by root and has no security issues, i even get
> to execute scripts as root!

That is extraordinary and extremely inconsiderate of
(possibly paying) clients. Any client can completey
take over the system and control or destroy any
information about anything. You can do _anything_
with anyone elses data and they the same to yours.

--markc


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

He must mean Red Hat Linux 7.0

Darren wrote:
>
> You don't need virtual domains if you just want to offer a web page for the
> people who have accounts on your box. You just need to set the UserDir
> directive to public_html. They can access their web pages at
> www.yourdomain.com/~user_name.
>
> BTW, what is Linux 7.0?
>
> Darren
>
> ----- Original Message -----
> From: "Fred Atkinson" <fatkinson@mishmash.com>
> To: <users@httpd.apache.org>
> Sent: Saturday, December 29, 2001 7:48 PM
> Subject: RE: Best way to do this
>
> > >> From: Richard Shade [mailto:rshade98@hotmail.com]
> > >
> > >> I believe that apache should be owned by a non root user such as
> > >> apache,nobody,ncsa,httpd or johndoe with no permission to login
> > >> then point
> > >> the doc root to whatever you want.
> > >
> > >Hmmm... We are being a little vague when we talk about "apache" being
> owned
> > >by a paritcular user. If we are talking about the apache binary, then
> it
> > >should *not* be owned by an unpriveleged user. It should be owned by
> root.
> > >The "User" and "Group" specified in httpd.conf should be set to an
> > >unpriveleged user, but that is a very different thing.
> > >
> > >For more details:
> > >http://httpd.apache.org/docs/misc/security_tips.html
> > >
> > >Joshua.
> >
> > What I am getting at is running Apache. Then, creating multiple
> > domains and directories to point them at. Next, assigning each
> subdirectory
> > to a different user so each user can update their files to manage their
> > Web site. Each user would exercise exclusive control over their files
> > but Apache would be running under a separate user (perhaps root).
> >
> >
> >
> > Fred
> >
> >
> > >---------------------------------------------------------------------
> > >The official User-To-User support forum of the Apache HTTP Server
> Project.
> > >See <URL:http://httpd.apache.org/userslist.html> for more info.
> > >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > >For additional commands, e-mail: users-help@httpd.apache.org
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

I believe that apache should be owned by a non root user such as
apache,nobody,ncsa,httpd or johndoe with no permission to login then point
the doc root to whatever you want.


>From: "Joshua Slive" <joshua@slive.ca>
>Reply-To: users@httpd.apache.org
>To: <users@httpd.apache.org>
>Subject: RE: Best way to do this
>Date: Sat, 29 Dec 2001 19:42:16 -0500
>
>
> > From: Fred Atkinson [mailto:fatkinson@mishmash.com]
>
> > Would it be feasible to do this by installing Apache under the
> > root user then creating these subdirectories and giving ownership of
> > the subdirectory to the individual user?
>
>Apache should be installed and owned by root. However, the DocumentRoot's
>for the various servers can be owned by anyone you want. It is not
>necessary for the DocumentRoot's to be subdirectories of the Apache
>installation. You can install Apache to /usr/local/apache and still point
>the DocumentRoot's at /www/whatever.
>
>Joshua.
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>




_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

that sounds good.


>From: Fred Atkinson <fatkinson@mishmash.com>
>Reply-To: users@httpd.apache.org
>To: <users@httpd.apache.org>
>Subject: RE: Best way to do this
>Date: Sat, 29 Dec 2001 20:48 -0500 (EST)
>
> >> From: Richard Shade [mailto:rshade98@hotmail.com]
> >
> >> I believe that apache should be owned by a non root user such as
> >> apache,nobody,ncsa,httpd or johndoe with no permission to login
> >> then point
> >> the doc root to whatever you want.
> >
> >Hmmm... We are being a little vague when we talk about "apache" being
>owned
> >by a paritcular user. If we are talking about the apache binary, then
>it
> >should *not* be owned by an unpriveleged user. It should be owned by
>root.
> >The "User" and "Group" specified in httpd.conf should be set to an
> >unpriveleged user, but that is a very different thing.
> >
> >For more details:
> >http://httpd.apache.org/docs/misc/security_tips.html
> >
> >Joshua.
>
> What I am getting at is running Apache. Then, creating multiple
>domains and directories to point them at. Next, assigning each
>subdirectory
>to a different user so each user can update their files to manage their
>Web site. Each user would exercise exclusive control over their files
>but Apache would be running under a separate user (perhaps root).
>
>
>
> Fred
>
>
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP Server
>Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>




_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail.
http://www.hotmail.com


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

At 08:48 PM 12/29/01 -0500, you wrote:
> What I am getting at is running Apache. Then, creating multiple
>domains and directories to point them at. Next, assigning each subdirectory
>to a different user so each user can update their files to manage their
>Web site. Each user would exercise exclusive control over their files
>but Apache would be running under a separate user (perhaps root).

Get the _Apache_Server_Bible_ by Mohammed J. Kabir, pub. by IDG books. RTFM.

________________________________________________________________________
For private sector (commercial) space development, visit
http://www.L5Development.com
L5 Software Development - "out of this world" sites and software
http://www.L5Software.com
StudioLines.com - Your place on the Internet for local music
Music, feedback, connections. Tap the power of the Internet!
http://www.StudioLines.com
How much did your last traffic ticket cost you?
http://www.StopHighwayRobbery.com
ThmIndxr(tm), the *only* HTML thumbnail/indexer you need!
http://www.L5Software.com/go?ThmIndxr
wCapLock(tm), makes CapsLock work like it does on a typewriter
http://www.L5Software.com/go?wCapLock
KeywordGo(tm), provides keyword access to your popular pages
http://www.L5Software.com/go?KeywordGo
BannerAds(tm), join multiple affiliate programs with one banner
http://www.L5Software.com/go?BannerAds
My personal Web page is http://www.L5Development.com/wfredk
Stop by some time!


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

> > What I am getting at is running Apache. Then, creating multiple
> >domains and directories to point them at. Next, assigning each subdirectory
> >to a different user so each user can update their files to manage their
> >Web site. Each user would exercise exclusive control over their files
> >but Apache would be running under a separate user (perhaps root).
>
> Get the _Apache_Server_Bible_ by Mohammed J. Kabir, pub. by IDG books. RTFM.

Easy, tiger :) This is a users list. We expect people to take a look at the
documentation first, but 'RTFM' is not a very useful answer in this kind of
forum. If an question from a user is already answered in the documentation,
just point him to the relevant section.

Daniel

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Darren,

No, that is not what I want to do.

I want each user to administer his/her own domain, not give each
one a Web page.

Linux 7.0 is a recent release of Linux Red Hat. I believe that
the current version is 7.2, however.



Fred

>Date: Sat, 29 Dec 2001 23:27 -0500 (EST)
>From: "Darren" <backdoc@crotchett.com>
>To: <users@httpd.apache.org>
>Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
>Reply-To: users@httpd.apache.org
>list-help: <mailto:users-help@httpd.apache.org>
>list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
>list-post: <mailto:users@httpd.apache.org>
>Delivered-To: mailing list users@httpd.apache.org
>Subject: Re: Best way to do this
>
>You don't need virtual domains if you just want to offer a web page for the
>people who have accounts on your box. You just need to set the UserDir
>directive to public_html. They can access their web pages at
>www.yourdomain.com/~user_name.
>
>BTW, what is Linux 7.0?
>
>Darren
>
>----- Original Message -----
>From: "Fred Atkinson" <fatkinson@mishmash.com>
>To: <users@httpd.apache.org>
>Sent: Saturday, December 29, 2001 7:48 PM
>Subject: RE: Best way to do this
>
>
>> >> From: Richard Shade [mailto:rshade98@hotmail.com]
>> >
>> >> I believe that apache should be owned by a non root user such as
>> >> apache,nobody,ncsa,httpd or johndoe with no permission to login
>> >> then point
>> >> the doc root to whatever you want.
>> >
>> >Hmmm... We are being a little vague when we talk about "apache" being
>owned
>> >by a paritcular user. If we are talking about the apache binary, then
>it
>> >should *not* be owned by an unpriveleged user. It should be owned by
>root.
>> >The "User" and "Group" specified in httpd.conf should be set to an
>> >unpriveleged user, but that is a very different thing.
>> >
>> >For more details:
>> >http://httpd.apache.org/docs/misc/security_tips.html
>> >
>> >Joshua.
>>
>> What I am getting at is running Apache. Then, creating multiple
>> domains and directories to point them at. Next, assigning each
>subdirectory
>> to a different user so each user can update their files to manage their
>> Web site. Each user would exercise exclusive control over their files
>> but Apache would be running under a separate user (perhaps root).
>>
>>
>>
>> Fred
>>
>>
>> >---------------------------------------------------------------------
>> >The official User-To-User support forum of the Apache HTTP Server
>Project.
>> >See <URL:http://httpd.apache.org/userslist.html> for more info.
>> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >For additional commands, e-mail: users-help@httpd.apache.org
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Well,

How do you keep this from happening?

Can not I just give each user his own cgi-bin directory under his
own user name and expect him to run his own?



Fred

>Date: Sat, 29 Dec 2001 23:57 -0500 (EST)
>From: Mark Constable <markc@renta.net>
>Organization: http://renta.net
>To: users@httpd.apache.org
>Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
>Reply-To: users@httpd.apache.org
>list-help: <mailto:users-help@httpd.apache.org>
>list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
>list-post: <mailto:users@httpd.apache.org>
>Delivered-To: mailing list users@httpd.apache.org
>Subject: Re: Best way to do this
>
>On Sun, 30 Dec 2001 12:36, Webmaster wrote:
>> m yweb host has it owned by root and has no security issues, i even get
>> to execute scripts as root!
>
>That is extraordinary and extremely inconsiderate of
>(possibly paying) clients. Any client can completey
>take over the system and control or destroy any
>information about anything. You can do _anything_
>with anyone elses data and they the same to yours.
>
>--markc
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Yes, considering all I was asking if this was (in your humble opinions)
the best way to go.

I've looked at several books. They describe different ways of
doing this. I want to see what you people think.



Fred

>> > What I am getting at is running Apache. Then, creating multiple
>> >domains and directories to point them at. Next, assigning each subdirectory
>> >to a different user so each user can update their files to manage their
>> >Web site. Each user would exercise exclusive control over their files
>> >but Apache would be running under a separate user (perhaps root).
>>
>> Get the _Apache_Server_Bible_ by Mohammed J. Kabir, pub. by IDG books. RTFM.
>
>Easy, tiger :) This is a users list. We expect people to take a look at the
>documentation first, but 'RTFM' is not a very useful answer in this kind of
>forum. If an question from a user is already answered in the documentation,
>just point him to the relevant section.
>
>Daniel
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

At 07:44 AM 12/30/01 -0500, Fred Atkinson <fatkinson@mishmash.com> wrote:
> >> > What I am getting at is running Apache. Then, creating multiple
> >> >domains and directories to point them at. Next, assigning each
> subdirectory
> >> >to a different user so each user can update their files to manage their
> >> >Web site. Each user would exercise exclusive control over their files
> >> >but Apache would be running under a separate user (perhaps root).
> >>
> >> Get the _Apache_Server_Bible_ by Mohammed J. Kabir, pub. by IDG
> books. RTFM.
> >
> >Easy, tiger :) This is a users list. We expect people to take a look at the
> >documentation first, but 'RTFM' is not a very useful answer in this kind of
> >forum. If an question from a user is already answered in the documentation,
> >just point him to the relevant section.
> >
> >Daniel
>
> Yes, considering all I was asking if this was (in your humble opinions)
>the best way to go.
> I've looked at several books. They describe different ways of
>doing this. I want to see what you people think.
> Fred

OK, so I guess I'm not your average user: I'm the webmaster on 7 active
sites, I have half a dozen programs for sale on the Internet and several
more in development, and I just got done spending 2 months of intensive
effort setting up a server to host most of my sites. I'm using a lot of
free software, and found the documentation, in most cases, is pretty bad -
but usually, through a lot of experimentation, I got stuff working. I also
spent quite a bit of time browsing in my local book store before deciding
which books looked like they would be most helpful, and bought a few (or
had my partner buy them). I will admit I'm a pretty independent type,
preferring to find the answer myself most of the time, if possible, because
that way I _know_ the answer, rather than just having applied a recipe
someone else came up with, which makes further problems easier to solve. I
also read the essay by Eric S. Raymond about "How To Ask Questions The
Smart Way" published at
http://www.tuxedo.org/~esr/faqs/smart-questions.html (referenced on the
Apache bug reporting page) and found it matches my mind set pretty well. I
guess I'm a hacker (as opposed to a cracker) and thought this mailing list
was composed of people with similar backgrounds - and I've been perterbed
by the number of users asking questions that are repeatedly answered in
lots of the resources that are commonly available. My brusque reply was a
consequence of what I see as clutter in my mailbox.

I would prefer to not have to unsubscribe from this list: There are some
real problems brought up from time to time, and I would like to contribute
some of my time and effort to solving them. In addition, solutions to some
problems I have had turn up from time to time as well.

As an example of the former, last week Sivakatirswami <katir@hindu.org>
asked about "CGI Handling ErrorDocument 404/Redirect to external URI" which
led me to find a bug in the Apache code.

Re. the latter, today, "Allen May" <umayxa3@donet.com> is asking about "I'm
being scanned... What do I do?" When I saw similar entries in my server's
logs, I read through the comp.security.unix newsgroup and determined it's
Nimda activity. Since no one had said anything about what to do, I _then_
asked for advice about how to report the problem. The reply in the
newsgroup merely confirmed my suspicion, but didn't offer any advice. In
_this_ mailing list, though, Daniel Lopez <daniel@rawbyte.com> offered a
link that speaks of dealing with Code Red, not Nimda. It's a clue,
however, and in following up on it, I expect to build a similar reporting
tool to handle Nimda scans, which I will contribute to the community as
part of my payment for the free software I'm using.

It's challenges/solutions/resources such as I've described in the last two
paragraphs I like to see in my mailbox, not questions that sound like
they're from someone who wants their work done for them. If my answers
seem rude, I guess you should ignore them - and the work I do. I would
really recommend reading Eric's essay, though...

-- Fred Koschara, President
L5 Development Group
________________________________________________________________________
For private sector (commercial) space development, visit
http://www.L5Development.com
L5 Software Development - "out of this world" sites and software
http://www.L5Software.com
StudioLines.com - Your place on the Internet for local music
Music, feedback, connections. Tap the power of the Internet!
http://www.StudioLines.com
How much did your last traffic ticket cost you?
http://www.StopHighwayRobbery.com
ThmIndxr(tm), the *only* HTML thumbnail/indexer you need!
http://www.L5Software.com/go?ThmIndxr
wCapLock(tm), makes CapsLock work like it does on a typewriter
http://www.L5Software.com/go?wCapLock
KeywordGo(tm), provides keyword access to your popular pages
http://www.L5Software.com/go?KeywordGo
BannerAds(tm), join multiple affiliate programs with one banner
http://www.L5Software.com/go?BannerAds
My personal Web page is http://www.L5Development.com/wfredk
Stop by some time!


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Hi Fred,

> was composed of people with similar backgrounds - and I've been perterbed
> by the number of users asking questions that are repeatedly answered in
> lots of the resources that are commonly available. My brusque reply was a
> consequence of what I see as clutter in my mailbox.

Everybody wants to keep the signal to noise ratio high. My comment was more
on the line of educating the users rather that telling them 'RTFM', even if
they ask a stupid question. It is better to point them to the FAQ
or the appropriate manual section and then remind me them that they
should have read that before. Most people thank this approach and improve
quickly, becoming in turn good contributors to the list.

> Re. the latter, today, "Allen May" <umayxa3@donet.com> is asking about "I'm
> being scanned... What do I do?" When I saw similar entries in my server's
> logs, I read through the comp.security.unix newsgroup and determined it's
> Nimda activity. Since no one had said anything about what to do, I _then_
> asked for advice about how to report the problem. The reply in the
> newsgroup merely confirmed my suspicion, but didn't offer any advice. In
> _this_ mailing list, though, Daniel Lopez <daniel@rawbyte.com> offered a

Yes, I replied that mail too quickly (One could argue there are so many IIS
worms it is hard to keep count :)

This one is a generic one:
http://www.tonkinresolutions.com/software/perl/Apache/MSIISProbes/

> link that speaks of dealing with Code Red, not Nimda. It's a clue,
> however, and in following up on it, I expect to build a similar reporting
> tool to handle Nimda scans, which I will contribute to the community as
> part of my payment for the free software I'm using.

[...]

> It's challenges/solutions/resources such as I've described in the last two
> paragraphs I like to see in my mailbox, not questions that sound like
> they're from someone who wants their work done for them. If my answers
> seem rude, I guess you should ignore them - and the work I do. I would
> really recommend reading Eric's essay, though...

I still think it is better to point them to the FAQ or the right resource
(including the essay you mention) instead of telling them RTFM. Or if you
really really really feel like telling them RTFM :) in addition point them
to the FAQ

Best regards

Daniel

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

On Mon, 31 Dec 2001 04:15, Daniel Lopez wrote:
> Hi Fred,
>
> > was composed of people with similar backgrounds - and I've been perterbed
> > by the number of users asking questions that are repeatedly answered in
> > lots of the resources that are commonly available. My brusque reply was
> > a consequence of what I see as clutter in my mailbox.
>
> Everybody wants to keep the signal to noise ratio high. My comment was more
> on the line of educating the users rather that telling them 'RTFM', even if
> they ask a stupid question. It is better to point them to the FAQ

I agree, this is an official apache USERs list which I
would hope includes naive first time users struggling to
come to terms with configuring apache. Professional and
hard core users know how to rtfm and have a many options,
even carefully selected book(s) to chose from... first
time users have a very narrow set of options and I would
like to think this list is primarily to assist novices,
not experts who can help themselves.

Is anyone considering taking the questions raised on this
list and creating an FAQ based on the answers offerred here ?
FWIW, the most frequent unanswerred question I've noted is
how to set up user perms "the right way". I am unaware of
any "best practices" online guides for apache.

--markc

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

> From: Mark Constable [mailto:markc@renta.net]

> Is anyone considering taking the questions raised on this
> list and creating an FAQ based on the answers offerred here ?
> FWIW, the most frequent unanswerred question I've noted is
> how to set up user perms "the right way". I am unaware of
> any "best practices" online guides for apache.

The FAQ from the Apache documentation *should* serve that role. I know it
is a little overwhelming in size, but... There are at least a couple
people on this list who are also participants in the documentation project:
http://httpd.apache.org/docs-project/ so if you suggest FAQs they will get
seriously considered for adoption in the documentation.

As far as that particular question (permissions), I'd like to see
suggestions on how to improve the existing security docs:
http://httpd.apache.org/docs/misc/security_tips.html

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

/home/web/account#/domain.com/public_html/

Fred Atkinson wrote:
>
> Wouldn't it be wonderful if we could offer the new users a step
> by step set of instructions on how to install Apache?
>
> Could we undertake this project? We could all offer revisions
> and I could try it out on my server to see how well tuned it is before
> we published it?
>
> What does everyone else thing?
>
> I have plenty of Web space available on my site. I'd be glad to
> put it there. Or, can we put it on the apache.org site?
>
> Fred
>
> On Mon, 31 Dec 2001 04:15, Daniel Lopez wrote:
> > Hi Fred,
> >
> > > was composed of people with similar backgrounds - and I've been perterbed
> > > by the number of users asking questions that are repeatedly answered in
> > > lots of the resources that are commonly available. My brusque reply was
> > > a consequence of what I see as clutter in my mailbox.
> >
> > Everybody wants to keep the signal to noise ratio high. My comment was more
> > on the line of educating the users rather that telling them 'RTFM', even if
> > they ask a stupid question. It is better to point them to the FAQ
>
> I agree, this is an official apache USERs list which I
> would hope includes naive first time users struggling to
> come to terms with configuring apache. Professional and
> hard core users know how to rtfm and have a many options,
> even carefully selected book(s) to chose from... first
> time users have a very narrow set of options and I would
> like to think this list is primarily to assist novices,
> not experts who can help themselves.
>
> Is anyone considering taking the questions raised on this
> list and creating an FAQ based on the answers offerred here ?
> FWIW, the most frequent unanswerred question I've noted is
> how to set up user perms "the right way". I am unaware of
> any "best practices" online guides for apache.
>
> --markc
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

I am quite willing to convert the instructions that are inside the apache
distribution zip files into a series of web pages and post them up into my
public_html directory on one of the apache servers. I already have a set of
easy to follow instrucitons for people who wish to mirror the apache.org
project up there. something like http://www.apache.org/~andrewk/docs/


http://www.apache.org/~andrewk/, check it out if you are an apache mirror
and give me your feedback so I can improve it and push for the existing
pages to be changed with these ones.

Regards

Andrew


-----Original Message-----
From: Webmaster [mailto:webmaster@rolysvirtualpets.com]
Sent: Monday, 31 December 2001 1:36 PM
To: users@httpd.apache.org
Subject: Re: Best way to do this


/home/web/account#/domain.com/public_html/

Fred Atkinson wrote:
>
> Wouldn't it be wonderful if we could offer the new users a step
> by step set of instructions on how to install Apache?
>
> Could we undertake this project? We could all offer revisions
> and I could try it out on my server to see how well tuned it is before
> we published it?
>
> What does everyone else thing?
>
> I have plenty of Web space available on my site. I'd be glad to
> put it there. Or, can we put it on the apache.org site?
>
> Fred
>
> On Mon, 31 Dec 2001 04:15, Daniel Lopez wrote:
> > Hi Fred,
> >
> > > was composed of people with similar backgrounds - and I've been
perterbed
> > > by the number of users asking questions that are repeatedly answered
in
> > > lots of the resources that are commonly available. My brusque reply
was
> > > a consequence of what I see as clutter in my mailbox.
> >
> > Everybody wants to keep the signal to noise ratio high. My comment was
more
> > on the line of educating the users rather that telling them 'RTFM', even
if
> > they ask a stupid question. It is better to point them to the FAQ
>
> I agree, this is an official apache USERs list which I
> would hope includes naive first time users struggling to
> come to terms with configuring apache. Professional and
> hard core users know how to rtfm and have a many options,
> even carefully selected book(s) to chose from... first
> time users have a very narrow set of options and I would
> like to think this list is primarily to assist novices,
> not experts who can help themselves.
>
> Is anyone considering taking the questions raised on this
> list and creating an FAQ based on the answers offerred here ?
> FWIW, the most frequent unanswerred question I've noted is
> how to set up user perms "the right way". I am unaware of
> any "best practices" online guides for apache.
>
> --markc
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

On Mon, 31 Dec 2001 12:24, Fred Atkinson wrote:
> Wouldn't it be wonderful if we could offer the new users a step
> by step set of instructions on how to install Apache?

Absolutely. The reason this probably does not (apparently)
exist is there are too many different setup requirements
and trying to cover them all begats a large book of details
which blows away it's immediate usefulness. I think the two
main needs are for a personal user to get apache up and
running at all in a ~/public_html type setup, and then a
typical (if that is possible) comprehensive vhost situation.

> Could we undertake this project? We could all offer revisions
> and I could try it out on my server to see how well tuned it is before
> we published it?

A "tiger team" of experienced apache users willing to put
in time to test and document current "best practises" for
various apache setups would be _brilliant_ !

> What does everyone else thing?

I'm on this list to garner small tidbits from others
experience and only too happy to contribute some effort
towards something like you suggest.

One possible method of initial input gathering could be
the use of a Wiki system like this...

http://wiki.netserva.com/?page=ApachE

> I have plenty of Web space available on my site. I'd be glad to
> put it there. Or, can we put it on the apache.org site?

We all could probably offer webspace but therein is another
problem... expecting some of use to feather the nest of
someone elses website can be self-defeating. A neutral space
like apache.org is best and I'm sure the folk there would be
pleased to get good content if the quality is high enough.

--markc

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Wouldn't it be wonderful if we could offer the new users a step
by step set of instructions on how to install Apache?

Could we undertake this project? We could all offer revisions
and I could try it out on my server to see how well tuned it is before
we published it?

What does everyone else thing?

I have plenty of Web space available on my site. I'd be glad to
put it there. Or, can we put it on the apache.org site?



Fred

On Mon, 31 Dec 2001 04:15, Daniel Lopez wrote:
> Hi Fred,
>
> > was composed of people with similar backgrounds - and I've been perterbed
> > by the number of users asking questions that are repeatedly answered in
> > lots of the resources that are commonly available. My brusque reply was
> > a consequence of what I see as clutter in my mailbox.
>
> Everybody wants to keep the signal to noise ratio high. My comment was more
> on the line of educating the users rather that telling them 'RTFM', even if
> they ask a stupid question. It is better to point them to the FAQ

I agree, this is an official apache USERs list which I
would hope includes naive first time users struggling to
come to terms with configuring apache. Professional and
hard core users know how to rtfm and have a many options,
even carefully selected book(s) to chose from... first
time users have a very narrow set of options and I would
like to think this list is primarily to assist novices,
not experts who can help themselves.

Is anyone considering taking the questions raised on this
list and creating an FAQ based on the answers offerred here ?
FWIW, the most frequent unanswerred question I've noted is
how to set up user perms "the right way". I am unaware of
any "best practices" online guides for apache.

--markc

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Yes thats right it doesn't work yet, it was only a suggestion.

Regards

Andrew


-----Original Message-----
From: Fred Atkinson [mailto:fatkinson@mishmash.com]
Sent: Monday, 31 December 2001 3:57 PM
To: users@httpd.apache.org
Subject: RE: Best way to do this


This one didn't work: http://www.apache.org/~andrewk/docs/

This one did: http://www.apache.org/~andrewk/



Fred


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org