From: RYAN M. v. G. <lu...@co...> - 2007-07-19 06:49:12
|
Thanks for the prompt response as always Jamie the perms you suggest were already set to 755 Permissions on new home directories I changed the perms in the virtualmin module from 750 to 755 like this Permissions on website subdirectory 755 and left Add Apache user to Unix group for new servers? set to no seems to work alright some users will be upset with these perms i will have to do a little experimenting with perms to find the right settings ----- Original Message ----- From: Jamie Cameron <jca...@we...> To: Webmin users list <web...@li...> Sent: Wednesday, July 18, 2007 9:50:46 PM GMT-0700 Subject: Re: [webmin-l] virtualmin adding to many groups to www On 18/Jul/2007 22:08 RYAN M. vAN GINNEKEN wrote .. Ok have do some hours of work since my last post and have discovered the following. When a virtual domain is created using virtualmin it creates a user and a group with the same name ie user name king1 and group king1. Then it adds the newly created group king1 to the www group which is fine see below. This is fine for awhile until to many groups are members of the www group and apache complains and will not start also see below. There is actually a good reason for this - Apache needs access to the HTML files in each domain's ~/public_html directory, which is usually given 750 permissions. Unless Apache's user is in the domain's group, it won't have access to those files. How do i make this work better? I know that if i create a user called king1 and group king1 but do not add the group to the www group i will get permission denied errors from apache via a web browser. I have tried this by setting the Add Apache user to Unix group for new servers? from Yes automatic to No One work-around is to not have the home directories for new domains set to 750 permissions, which means that you don't need the Apache user to be in domains' groups. This can be configured by going to the Users and Groups module, clicking on Module Config and changing the Permissions on new home directories to 755. Hello all i am having trouble getting virtualmin to work right with freebsd 6.2 stable and apache 2.2.4. I believe my problem is related to having to many groups in the www group. these are in my /etc/group file king1::1007:www king2::1012:www king3::1011:www king4::1013:www king5::1010:www king6::1017:www king7::1014:www king8::1016:www king9::1015:www king10::1018:www king11::1020:www king12::1019:www king13::1020:www When i try to add another group king14::1021:www I get this error in apache [Wed Jul 18 20:23:08 2007] [notice] Graceful restart requested, doing restart [Wed Jul 18 20:23:09 2007] [warn] NameVirtualHost *:80 has no VirtualHosts [Wed Jul 18 20:23:09 2007] [warn] (22)Invalid argument: Failed to enable the 'httpready' Accept Filter [Wed Jul 18 20:23:09 2007] [notice] Digest: generating secret for digest authentication ... [Wed Jul 18 20:23:09 2007] [notice] Digest: done [Wed Jul 18 20:23:10 2007] [notice] Apache/2.2.4 (FreeBSD) DAV/2 PHP/5.2.2 with Suhosin-Patch mod_ssl/2.2.4 OpenSSL/0.9.7e-p1 configured -- resuming normal operations [Wed Jul 18 20:23:10 2007] [alert] (22)Invalid argument: initgroups: unable to set groups for User www and Group 80 [Wed Jul 18 20:23:10 2007] [alert] Child 12628 returned a Fatal error... Apache is exiting! [Wed Jul 18 20:23:10 2007] [alert] (22)Invalid argument: initgroups: unable to set groups for User www and Group 80 [Wed Jul 18 20:23:10 2007] [alert] (22)Invalid argument: initgroups: unable to set groups for User www and Group 80 It looks like you are hitting a bug / limitation in FreeBSD on the number of groups a user can be in. Other operating systems (like Linux) have a much higher limit .. I did some googling and found this article http://lists.freebsd.org/pipermail/freebsd-bugs/2005-March/011831.html. What is the best way to set this up as i do not what users to be able to see each others directories but apache must be able to see them all right? is the a way to just add each user to the www group instead of creating a group for each user then adding that group to the www group. I think that is what webmin is doing right? No, that won't work, as it is the www user that needs to access those directories. - Jamie -- Computer King & CaN Mail - Sales Service Hosting Backup http://www.computerking.ca http://www.canmail.org NEW!!! Custom Service Packages Secure IMAP Email - Automated Remote Backups - Photo Blogs - Online Accounting Packages |