[ngw] OT: SLES Apache management advice

James Taylor James.Taylor at eastcobbgroup.com
Wed Aug 12 13:01:50 UTC 2015


You could reset the permissions on the to wwwrun:www, with group r/w, and add users to the www group. Could get a little messy. You'd probably need to add some sticky bits in the mix so file permissions don't get reset if anyone needs to edit anything.
-jt 
 

James Taylor
678-697-9420
james.taylor at eastcobbgroup.com



>>> "Jim Gosney" <jgosney at genesco.com> 8/12/2015 8:56 AM >>> 
Sudo works of course for executables and scripts but just for general rights, I guess I'm limited to just assigning explicit rights at the file or directory level as needed?
 
I would think SuSE would add a APACHE group and set it as the group owner of anything apache related so the ownership would be ROOT/APACHE instead of ROOT/ROOT.  Hmmm.

I may look into this NetIQ PUM.
 
 
 

>>> "James Taylor" <James.Taylor at eastcobbgroup.com> 8/12/2015 7:47 AM >>>
Sudo is probably your best option short of using a product like NetIQ Privileged User Manager.
-jt



James Taylor
678-697-9420
james.taylor at eastcobbgroup.com



>>> "Jim Gosney" <jgosney at genesco.com> 8/12/2015 8:27 AM >>> 
We've got a SLES server running Apache and we want to give certain
individuals the rights to fully manage the apache part of the server. 
Problem is that the ownership of apache seems to be ROOT/ROOT for
EVERYTHING,

I've set up SUDO so the user can start and stop the apache server using
/etc/init.d/apache2 script.  And I've given full rights (recursively) to
/etc/apache2 to the user using an ACL.  But I'm wondering if there is an
easier/better way to do this.  I'm hesitant to make the user a member of
the ROOT group as I don't want to give them too many rights but I also
don't want to be nickel and dimeing it where I have to keep giving the
explicit rights to other files as they come across the need.

Any advice would be appreciated.


~+~^~+~^~+~^~+~^~+~^~+~^~+~^
Jim Gosney
* Linux System Engineer
* Groupwise System Engineer
* Mobility Server Admin
Genesco, Inc.
Nashville, TN
615-367-7850






CONFIDENTIALITY NOTICE: This e-mail and any attachments are confidential
and may also be privileged. No waiver of any legal privilege or
proprietary right is intended or shall be deemed to have occurred by the
transmission of this e-mail or its contents or attachments to any person
other than the originally intended recipient.  If you are not an
intended recipient of this e-mail, you are hereby notified that any
unauthorized use, dissemination, storage or copying of this e-mail or
the information contained in it or attached to it is strictly
prohibited. If you have received this e-mail in error, please delete it
and immediately notify the sender by telephone. Thank you. 


_______________________________________________
ngw mailing list
ngw at ngwlist.com
http://ngwlist.com/mailman/listinfo/ngw




CONFIDENTIALITY NOTICE: This e-mail and any attachments are confidential and may also be privileged. No waiver of any legal privilege or proprietary right is intended or shall be deemed to have occurred by the transmission of this e-mail or its contents or attachments to any person other than the originally intended recipient.  If you are not an intended recipient of this e-mail, you are hereby notified that any unauthorized use, dissemination, storage or copying of this e-mail or the information contained in it or attached to it is strictly prohibited. If you have received this e-mail in error, please delete it and immediately notify the sender by telephone. Thank you. 



More information about the ngw mailing list