[OpenAFS] Webserver, openAFS, kerberos
Lars Schimmer
l.schimmer@cgv.tugraz.at
Mon, 26 Feb 2007 14:59:38 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thomas Kula wrote:
> On Mon, Feb 26, 2007 at 01:52:14PM +0100, Alexander Al wrote:
>> Hi,
>>
>> We have a openAFS-server on FC5 and in time we will provide
>> a X window terminal server on our network. The latter isn't the proble=
m.
>> But there is also a request for servicing a Webserver. Now I have here
>> a problem, is there a system or method that users can have a public_ht=
ml
>> folder in their home-dirs on the openAFS-server but Apache can read
>> those directory's?
>=20
> I use k5start [1] to run Apache with a keytab that is used to=20
> get get afs credentials, and then set the ACLs on the directories
> holding the webpages appropriately so that the web server user=20
> can read the files.=20
>=20
> If you use public_html directories in a user's home directory,
> the user's home directory, of course, will need to have
> appropriate permissions so that the web server can get to
> the public_html directory --- "system:anyuser l" or
> "webuser l" or something like that.
Or make the public_html as another volume and mount this volume twice,
once in users home and once under webserver/folders or similar.
With this way you need to just set the permissions in the specific
folders, not in home/user anymore. But it=B4s a bit more work creating a
user...
> [1]: http://www.eyrie.org/~eagle/software/kstart/
>=20
>=20
MfG,
Lars Schimmer
- --
- -------------------------------------------------------------
TU Graz, Institut f=FCr ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405 E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF4ufKmWhuE0qbFyMRAv6TAKCB2GnUSNm7aKAFHWmF3+Oq2En9rACfZ2xx
oezqVkv1KniPt8aGGWla7IE=3D
=3DOQUd
-----END PGP SIGNATURE-----