[OpenAFS] Webserver, openAFS, kerberos

Lars Schimmer l.schimmer@cgv.tugraz.at
Mon, 26 Feb 2007 14:59:38 +0100

Hash: SHA1

Thomas Kula wrote:
> On Mon, Feb 26, 2007 at 01:52:14PM +0100, Alexander Al wrote:
>> Hi,
>> We have a openAFS-server on FC5 and in time we will provide
>> a X window terminal server on our network. The latter isn't the proble=
>> But there is also a request for servicing a Webserver. Now I have here
>> a problem, is there a system or method that users can have a public_ht=
>> folder in their home-dirs on the openAFS-server but Apache can read
>> those directory's?
> I use k5start [1] to run Apache with a keytab that is used to=20
> get get afs credentials, and then set the ACLs on the directories
> holding the webpages appropriately so that the web server user=20
> can read the files.=20
> If you use public_html directories in a user's home directory,
> the user's home directory, of course, will need to have
> appropriate permissions so that the web server can get to
> the public_html directory --- "system:anyuser l" or
> "webuser l" or something like that.

Or make the public_html as another volume and mount this volume twice,
once in users home and once under webserver/folders or similar.
With this way you need to just set the permissions in the specific
folders, not in home/user anymore. But it=B4s a bit more work creating a

> [1]: http://www.eyrie.org/~eagle/software/kstart/

Lars Schimmer
- --
- -------------------------------------------------------------
TU Graz, Institut f=FCr ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org