Blog


Question:

I'm trying to not give 777 permission in my /var/www/html folder, but I want to edit my files without sudo. So I thought of creating a symlink to a folder in my home directory within /var/www/html. I created it using sudo ln -sT /home/andre/www/moodle/ moodle, and the ls -la output is this:

andre@andre-270E5G:/var/www/html$ ls -la
total 8
drwxr-xr-x 2 root root 4096 Mai 4 10:20 .
drwxr-xr-x 4 root root 4096 Abr 29 14:29 ..
lrwxrwxrwx 1 root root 23 Mai 4 10:20 moodle -> /home/andre/www/moodle/

So, my moodle folder has read, write and execute permissions for everyone, and that's not what I want. I used the command sudo chmod -R 775 moodle/ trying to change it, but it stayed with read, write and execute permissions to all. I tried the same with the moodle folder in /home/andre/www/moodle, but it stayed the same. The output of ls -la in /home/andre/www/ is:

andre@andre-270E5G:~/www$ ls -la
total 28
drwxrwxr-x 3 andre andre 4096 Mai 4 10:02 .
drwx------ 49 andre andre 20480 Mai 4 10:01 ..
drwxrwxr-x 41 andre andre 4096 Mai 4 10:02 moodle

So the folder moodle in /home/andre/www/ has the permissions I want.

As an additional problem, when I access localhost/moodle I get 403 Forbidden error.

What am I doing wrong here?

 

 

Answer:

You should never have to run a website out of your home directory. EVER. You would otherwise have to give the web server the ability to traverse through /home/ to see the directory structure, but also into /home/$USER/ (your user's home directory, where we can try and see what else exists in your user directory), as well as any other subfolders in there. A poorly-configured or misconfigured or unpatched web server can cause massive data leakage this way, or loss of credentials and such which would put your personal data and logins on different things at risk. The symlink approach you are using doesn't help either for the same reason as trying to give Apache permissions to read /home/andre/www/moodle - the web server has to be able to traverse your home directory to get to the location that the symlink in /var/www/html points to, which still poses that security risk.

Firstly, use sudo cp -r /home/andre/www/moodle/ /var/www/html/. This will copy your files to /var/www/html, and keep it away from your own home directory. We'll then redo the permissions so you and the web server can access everything in that directory, and give your user full read/write to all the files and directories. Then, you will only ever have to work out of /var/www/html for your site.

This is, in effect, four steps, after you copy your data back to /var/www/html:

  1. Give Apache access to the folders and files, so it can serve the site without 403 errors.
  2. Give your user 'owner' over the files and folders, and give yourself read/write on all of the files and folders, as well as the ability to traverse the directories.
  3. (Optional but recommended) Set it up such that any files or folders created from hereon in the entirety of the directory structure has the group set to be www-data.
  4. (Optional) Final security cleanup, where we set up permissions so you and the web server can see the site data, but other users cannot access files or the directory structure for the site.

(1) Allow Apache access to the folders and the files.

sudo chgrp -R www-data /var/www/html
sudo find /var/www/html -type d -exec chmod g+rx {} +
sudo find /var/www/html -type f -exec chmod g+r {} +

This recursively sets the 'group' to be www-data for the folders and files. This then gives the web server permission to recurse and get access to the site document root directories structure (+x for directories only). It then also ensures the web server has read permissions for all files, so site data can be received.

There may be some cases where you have to give the web server write permission to a file, or to a directory - this can be achieved by doing sudo chmod g+w /var/www/html/PATH (where PATH is the path to the file or folder in the directory structure where you need to apply the write permissions for the web server).

NOTICE: There are a lot of cases where this may expose 'secure' information about a site configuration (such as database access credentials, etc.), and you should remove 'other' access permissions to that data on those individual files or directories with the following: sudo chmod o-rwx /var/www/html/FILEPATH (replacing FILEPATH with the path relative to the /var/www/html folder for the file).

Note also that you may have to re-run these commands in the future if 'new files' get 403 issues, in order to give correct permissions to the web server to keep being able to access files and folders that are created or copied in and aren't getting the www-data group set correctly.


(2) Give your owner read/write privileges to the folders and the files, and permit folder access to traverse the directory structure.

sudo chown -R USER /var/www/html/
sudo find /var/www/html -type d -exec chmod u+rwx {} +
sudo find /var/www/html -type f -exec chmod u+rw {} +

Replace USER in the first command with your own username!

We do three things here. First, we set your user to be the "Owner" of all the files and directories in /var/www/html. Next, we set read and write permissions on the folders, and permit you to access the folders to go into them (the +x item on the directory items). We then set all the files to have read/write permissions for the owner, which we just set.


(3) (Optional) Make sure every new file after this is created with www-data as the 'access' user.

sudo find /var/www/html -type d -exec chmod g+s {} +

This sets the "set gid" bit for the group on the directories. Files and folders created inside these directories will always have www-data as the group, permitting the web server access.


(4) (Optional) Final security cleanup, if you don't want other users to be able to see the data

We need your user to see the directories and files. We need the web server to do so too. We may not want other system users (except root) to see the data. So let's not give them that access, and make it so only your user and the web server can see the data.

sudo chmod -R o-rwx /var/www/html/

NOTE: You will not have to re-run this at a later time, or edit the permissions for the 'other' category of permissions here. If the 'other' users can't get to /var/www/html/ (they don't have the necessary +x bit on /var/www/html to traverse the file structure and directory structure, nor the +r bit to read the file lists), then the permissions on items underneath that directory for other users or groups aren't really going to matter too much.

 

 

 

source http://askubuntu.com/questions/767504/permissions-problems-with-var-www-html-and-my-own-home-directory-for-a-website
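The following audit script is an added example, not part of the original answer: it checks a directory tree against the layout that steps 1, 3 and 4 describe (web server group, group read/traverse bits, setgid on directories, no access for 'other'). The function name audit_webroot, the finding labels and the throwaway demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): audit a web root against the
# layout from steps 1, 3 and 4. Prints one line per finding; returns 1 if any.
audit_webroot() {
    root=$1
    group=${2:-www-data}   # default is the group the answer uses
    findings=$(
        # Step 1: every entry carries the web server's group.
        find "$root" ! -type l ! -group "$group" | sed 's/^/wrong-group: /'
        # Step 1: directories need g+rx to be traversed, files need g+r.
        find "$root" -type d ! -perm -050 | sed 's/^/dir-no-group-rx: /'
        find "$root" -type f ! -perm -040 | sed 's/^/file-no-group-r: /'
        # Step 3: setgid on directories so new entries inherit the group.
        find "$root" -type d ! -perm -2000 | sed 's/^/dir-no-setgid: /'
        # Step 4: no access for 'other'. Symlinks are skipped: their own mode
        # always lists as lrwxrwxrwx and is not used for access checks.
        find "$root" ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) |
            sed 's/^/other-access: /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed demo: build a throwaway tree, audit it, apply steps 1, 3, 4, re-audit.
demo() {
    t=$(mktemp -d)
    g=$(id -g)             # stand-in for www-data so the demo needs no sudo
    mkdir -p "$t/site/lib" && echo '<?php' > "$t/site/lib/config.php"
    chgrp -R "$g" "$t/site"
    chmod 755 "$t/site" "$t/site/lib" && chmod 644 "$t/site/lib/config.php"
    before=$(audit_webroot "$t/site" "$g" | wc -l)
    find "$t/site" -type d -exec chmod g+rxs {} +
    find "$t/site" -type f -exec chmod g+r {} +
    chmod -R o-rwx "$t/site"
    after=$(audit_webroot "$t/site" "$g" | wc -l)
    rm -rf "$t"
    echo "findings before: $before, after: $after"
}

demo
```

On a real server the call would be `sudo sh -c '. ./audit.sh; audit_webroot /var/www/html'` or similar, with the script saved under a name of your choosing; re-running it after copying in new files shows whether step 1 needs to be repeated.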

 


Hi there. Been long. For as long as I can remember, this is how I think of starting conversations with people. I however end up using the phrases less than often. So, hi there.

For the last, almost a month, I've been good. Not to everyone though. I've been setting more time for God...clap for me and smile. That's good. I advise you to do this. Reasons for sparing time, more time I mean, is just because it's cool. It doesn't hurt in any way to set time to just go to church and pray.

So many factors say no to this. Let's start with the thought that seats are dusty, and there's not much hype for midweek services, like most 'church big-wigs' are still working, stuck in traffic, hot and sweaty....the list is endless. Going to church on a Wednesday is just hectic, many will say. Many still say.

First time I attended a service, my pastor had called. Didn't say much. I agreed. He was giving a sermon on 'good culture'. Creating your own culture. Made lotsa sense. He gave examples that made sense. He also doesn't shout on the mic. I dislike verbally violent religious people. I always tell people to raise their arguments and not their voices when they start getting rude. It beats logic to shout when teaching. You might be instilling fear instead of knowledge.

So, I learnt about new stuff to do. Stuff like exercising my free will better, sharing word with people, sacrificing more for people and above all, love. With this, you're good. I target this in all I do. I'm not good in memorizing verses but I know there's a verse somewhere that speaks about Love covering a multitude of sins. I want mine covered if not eliminated.
Another verse also says you should have Faith, Love and Hope. The Good Book expounds and says that the biggest of all those is Love.

I knew all this before I started going for these services. The main aim of going to church is to pray. Thank God for the week, thank Him for everything, pray for the rest of it to be more dope..pray for debtors to get money faster, clients to come faster...the list is endless. Ohh..about God answering prayers, He does. Some instantly. God answers them in funny ways. I pray to God like a son does to his father. Nice convos. I list some stuff, good and bad, nasty and sweet, amending wherever I forget and so on. I advise you to do this. It gives me a calm effect.

Sometimes everything goes south and all that's left is music. That's when I turn it up and hear no evil as I let it sink in.

See you next Wednesday.

 

From Google: database design is the process of producing a detailed data model of a database. This data model contains all the needed logical and physical design choices and physical storage parameters needed to generate a design in a data definition language, which can then be used to create a database.
 
Physical database design translates the logical data model into a set of SQL statements that define the database. For relational database systems, it is relatively easy to translate from a logical data model into a physical database. Rules for translation: Entities become tables in the physical database.

  1. Use well defined and consistent names for tables and columns (e.g. School, StudentCourse, CourseID ...).
  2. Use singular for table names (i.e. use StudentCourse instead of StudentCourses). Table represents a collection of entities, there is no need for plural names.
  3. Don’t use spaces for table names. Otherwise you will have to use ‘{‘, ‘[‘, ‘“’ etc. characters to define tables (i.e. for accessing table Student Course you'll write “Student Course”. StudentCourse is much better).
  4. Don’t use unnecessary prefixes or suffixes for table names (i.e. use School instead of TblSchool, SchoolTable etc.).
  5. Keep passwords as encrypted for security. Decrypt them in application when required.
  6. Use integer id fields for all tables. If id is not required for the time being, it may be required in the future (for association tables, indexing ...).
  7. Choose columns with the integer data type (or its variants) for indexing. varchar column indexing will cause performance problems.
  8. Use bit fields for boolean values. Using integer or varchar is unnecessarily storage consuming. Also start those column names with “Is”.
  9. Provide authentication for database access. Don’t give admin role to each user.
  10. Avoid “select *” queries until it is really needed. Use "select [required_columns_list]" for better performance.
  11. Use an ORM (object relational mapping) framework (i.e. hibernate, iBatis ...) if application code is big enough. Performance issues of ORM frameworks can be handled by detailed configuration parameters.
  12. Partition big and unused/rarely used tables/table parts to different physical storages for better query performance.
  13. For big, sensitive and mission-critical database systems, use disaster recovery and security services like failover clustering, auto backups, replication etc.
  14. Use constraints (foreign key, check, not null ...) for data integrity. Don’t give whole control to application code.
  15. Lack of database documentation is evil. Document your database design with ER schemas and instructions. Also write comment lines for your triggers, stored procedures and other scripts.
  16. Use indexes for frequently used queries on big tables. Analyser tools can be used to determine where indexes will be defined. For queries retrieving a range of rows, clustered indexes are usually better. For point queries, non-clustered indexes are usually better.
  17. Database server and the web server must be placed in different machines. This will provide more security (attackers can’t access data directly) and server CPU and memory performance will be better because of reduced request number and process usage.
  18. Image and blob data columns must not be defined in frequently queried tables because of performance issues. These data must be placed in separate tables and their pointer can be used in queried tables.
  19. Normalization must be used as required, to optimize the performance. Under-normalization will cause excessive repetition of data, over-normalization will cause excessive joins across too many tables. Both will result in worse performance.
  20. Spend time for database modeling and design as much as required. Otherwise saved(!) design time will cause (saved(!) design time) * 10/100/1000 maintenance and re-design time.

 

 

source: https://dzone.com/articles/20-database-design-best

  • Hi there. Am not a prodigy in docker or tech, but I do like learning new stuff and exploring heights. I love PHP too. I'm a member in several places where among other stuff [read languages] being discussed is PHP.

    This week we met and a good dev called Otieno introduced me to docker, the right way.
    I made some simple notes in note form.  Jibambe.

  • Open platform of software containers
  • Differences:

 

-   Demerits

  • Containers run as root

  • Services can be resource intensive

 

-    3 Concepts

 

- Docker images ( think of them as git repos )

- Docker Registries

- Docker Containers

 

see the presentation here.

 

see the gist here.

 

fork [ I also forked :) ] the repo here, with some examples.

 


 

About Me

Oops...Almost forgot to say something about me. But anyway, I'm that guy, yule Msee, who'll sort out your techie issue and hails from the land of milk and honey. Not forgetting the bitter herbs too.

This is what am best at. Feel free to ask something. 
