Fourth day in Addis
Unix file permissions:
drwxr-xr-x 2 root root 38 2006-07-14
|
+- Is a directory
drwxr-xr-x 2 root root 38 2006-07-14
---
|
+- User permissions (u)
drwxr-xr-x 2 root root 38 2006-07-14
---
|
+- Group permissions (g)
drwxr-xr-x 2 root root 38 2006-07-14
---
|
+- Permissions for others (o)
drwxr-xr-x 2 root root 38 2006-07-14
----
|
+- Owner user
drwxr-xr-x 2 root root 38 2006-07-14
----
|
Owner group -+
Other bits:
-
4000 Set user ID:
- For executable files: run as the user who owns the file, instead of the user who runs the file
- For directories: I think it's not used
-
2000 Set group ID:
- For executable files: run as the group who owns the file, instead of the group of the user who runs the file
- For directories: when a file is created inside the directory, it belongs to the group of the directory instead of the default group of the user who created the file
-
1000 Sticky bit:
- For files: I think it's not used anymore
- For directories: only the owner of a file can delete or rename the file
The executable bit for directories means "can access the files in the directory".
If a directory is readable but not executable, then I can see the list of files (with ls) but I cannot access the files.
To access a file, all the directories of its path up to / need to be executable.
Commands to manipulate permissions:
- chown - change file owner and group
- chgrp - change group ownership
-
chmod - change file access permissions
-
sudo adduser enrico www-dataadds the userenricoto the groupwww-data.
Example setup for a website for students:
# Create the group 'students'
mkdir /var/www/students
chgrp students /var/www/students
chmod 2775 /var/www/students
# If you don't want other users to read the files of the students:
chmod 2770 /var/www/students
adduser www-data students
(this way the web server can read the
pages)
# when you add a user to a group, it does not affect running processes:
- users need to log out and in again
- servers need to be restarted
Apache:
-
To install apache2 without a graphical interface:
apt-cache search apache2 | less sudo apt-get install apache2 -
By default,
/var/wwwis where is the static website. -
By default,
~/public_htmlis the personal webspace for every user, accessible as:http://localhost/~user -
By default,
/usr/lib/cgi-bincontains scripts that are executed when someone browseshttp://website/cgi-bin/script -
By default, apache reads the server name from the DNS. If we don't have a name in the DNS and we want to use the IP, we need to set:
ServerName 10.4.15.158in
/etc/apache/apache2.conf(set it to your IP address) -
To access the Apache manual: http://localhost/doc/apache2-doc/manual/
-
http://localhost/doc/apache2-doc/manual/mod/mod_access.html The access control module
-
http://localhost/doc/apache2-doc/manual/mod/mod_auth.html The user authentication module
-
To edit a user password file, use:
htpasswd - Manage user files for basic authentication -
Example
.htaccessfile to password protect a directory:AuthUserFile /etc/apache2/students AuthType Basic AuthName "Students" Require valid-user -
Information about .htaccess is in http://localhost/doc/apache2-doc/manual/howto/htaccess.html
-
If you need to tell apache to listen on different ports, add a Listen directive to
/etc/apache2/ports.conf. Then you can use:<VirtualHost www.training.aau.edu.et:9000> [...] </VirtualHost> -
To setup an HTTPS website:
- Documentation is in http://localhost/doc/apache2-doc/manual/ssl/
-
How to create a certificate: http://www.tc.umn.edu/~brams006/selfsign.html
-
Create a certificate:
/usr/sbin/apache2-ssl-certificate -days 365
-
Create a virtual host on port 443:
[...]
-
Enable SSL in the VirtualHost:
SSLEngine On SSLCertificateFile /etc/apache2/ssl/apache.pem
-
Enable listening on the HTTPS port (
/etc/apache2/ports.conf):Listen 443
Apache troubleshooting:
-
check that there are no errors in the configuration file:
apache2ctl configtestThis it is always a good thing to do before restarting or reloading apache.
-
read logs in
/var/log/apache2/ -
if you made a change but you don't see it on the web, it can be that you have the old page in the cache of the browser: try reloading a few times.
To install PHP
apt-get install libapache2-module-php5- then by default, every file
.phpis executed as php code -
Small but useful test
phpfile:<? phpinfo() ?>
To install MySQL
apt-get install mysql-client mysql-server-
for administration run
mysqlas root:-
Create a database with:
create database students
-
-
Give a user access to the database:
# Without password grant all on students.* to enrico; # With password grant all on students.* to enrico identified by "SECRET"; -
More information can be found at http://www-css.fnal.gov/dsg/external/freeware/mysqlAdmin.html
To use MySQL from PHP:
apt-get install php5-mysqli php5-mysql
Problems found today:
-
the
apache2manual in/usr/share/doc/manualcan only be viewed using apache because it uses MultiView. So you need to have a working apache to read how to have a working apache. -
chmoddoes not have examples in the manpage.