Hello, I am learning the basics of linux servers so I am green.
I have an Ubuntu server upon which there are websites that I have inherited. In a fit of security worry I decided to check out the ownership of the web site files.
They are all 2016:sites.
If I run the command 'cat /etc/group | more' I can see that the group exists. But when I run 'lastlog' the user 2016 does not appear.
I started to worry that 2016 might be the username of web users connecting from the web so I set the permissions on a testfile to chmod 600, giving read permissions to only the file owner. Sure enough I could still access the file from the web.
Can anyone suggest what is going on here? I tried creating a new user and giving them file ownership but then when I access the file from the web it wants me to have all directories up stream owned by the same person.
Thanks
-
check your apache configurations, usually in `/etc/apache2/` or `/etc/httpd/` or `/etc/apache`, and look through the configuration for the directive `User`, if `User` is numeric 2016, that's just how it is set up.
do you know if the server is running with SELinux or any 'non-standard' configurations going on on it?
you can also do `ps aux | grep apache` (or `grep httpd`, mileage may vary), to see the user/userid that the service is running as. for example:
`www-data 14549 0.0 1.0 23340 9864 ? S May17 0:00 /usr/sbin/apache2 -k start`
shows me `www-data` is the user running apache2 on my site.
let us know what you find out.
columbo : Thanks very much cpbills. I found what I think is my apache2 config file at /etc/apache2/apache.conf, it says User is www-data. When I do 'ps aux | grep apache' I get www-data also. Which is good I think as it means the user that my web visitors are (www-data) is not the user that owns my web files (2016). But it does leave me confused as to why when I change the permissions on a test file so that only the owner (2016) has permissions to read I can still see the file from the web. It makes me still wonder where the 2016 is coming from.
cpbills : 2016 could be the UID who owned the file on your last server, perhaps? or perhaps something like suphp is installed, and running scripts/etc as a different user. the UID doesn't show in `/etc/passwd` anywhere? i.e. `grep 2016 /etc/passwd` ?
columbo : No, Not there, it must be an orphaned one as Nate suggests perhaps. Thanks for your help.
cpbills : were/are the permissions on the file `600` i.e. `-rw-------` or were they more permissive, like `-rw-rw-rw-` ?
columbo : Yes it's: `-rw------- 1 2016 sites 25 May 18 14:25 test.php` But I can still access it from the web which doesn't make sense to me as my apache user is www-data (so this will be the user for web visitors...I think) and the file owner permissions are for 2016 only.
From cpbills
-
2016 is a uid. Every user account has a name (like `root`) and a uid. Normally the uid is only shown if there is no matching user account. This can happen if the file was previously owned by a valid user, but later that user was deleted. The file’s owner wasn’t changed, so now the file is owned by a non-existent uid.
You probably want to assign ownership of the file to another user (using the `chown` command). Possibly you would assign it to `www-data`, which is the user commonly used for Apache. However, it really depends on your site.
For comparison with Windows, have you ever seen the file properties/permissions list showing a GUID instead of a user name? The same type of thing is happening here: the permission or ownership is assigned to a user who no longer exists.
columbo : Thanks Nate. When I try to re-assign ownership it wants me to make all parent directories up stream the same owner and I'm scared of messing things up. So I'll probably have a go at doing a recursive chown on a Sunday or some other quiet time
From Nate
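
An added example, not part of the original thread: a small audit script that walks a web root, flags files whose owner uid has no account (the orphaned-uid case Nate describes) and reports whether the mode bits alone would let the web server user read each file (the `600` question raised in the comments). The function names and the default path `/var/www` are assumptions made for illustration; `www-data` is the account named in the thread.

```python
#!/usr/bin/env python3
"""Audit a web root for orphaned owners and for what the web server user may read."""
import grp
import os
import pwd
import stat
import sys


def owner_label(uid):
    """Return the account name for uid, or None when no passwd entry exists (orphaned)."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return None


def mode_allows_read(mode, file_uid, file_gid, uid, gids):
    """Classic Unix check: exactly one of the owner/group/other triplets applies.

    Ignores root, POSIX ACLs and SELinux, which can change the real outcome.
    """
    if uid == file_uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def audit(root, uid, gids):
    """Yield (path, mode string, owner uid, orphaned?, readable by uid?) per file."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            yield (path, stat.filemode(st.st_mode), st.st_uid,
                   owner_label(st.st_uid) is None,
                   mode_allows_read(st.st_mode, st.st_uid, st.st_gid, uid, gids))


if __name__ == "__main__":
    # Assumed defaults: web root /var/www and the www-data account from the thread.
    root = sys.argv[1] if len(sys.argv) > 1 else "/var/www"
    account = pwd.getpwnam(sys.argv[2] if len(sys.argv) > 2 else "www-data")
    gids = {account.pw_gid} | {g.gr_gid for g in grp.getgrall()
                               if account.pw_name in g.gr_mem}
    for path, mode, owner, orphaned, readable in audit(root, account.pw_uid, gids):
        flag = "ORPHANED-UID" if orphaned else "ok"
        print(f"{mode} uid={owner} {flag} readable_by_{account.pw_name}={readable} {path}")
```

If a file reports `readable_by_www-data=False` yet is still served, the request is being handled by a process running as some other user, which is worth confirming before any recursive `chown`.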