How does Apache control which user visit's a website?
This is a discussion on How does Apache control which user visit's a website? within the Apache Web Server forums, part of the Web Server and Related Forums category; I don't see a user (nor a group) created in lusrmgr.msc. So it appears that the Apache controls ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-01-2006
|
|||
|
|||
How does Apache control which user visit's a website?
I don't see a user (nor a group) created in lusrmgr.msc. So it
appears that the Apache controls are all 100% self-contained rather than relying upon the Windows Users and Groups. Anyone able to provide some comments or links for reading? Thanks, much. Jim Carlock Post replies to the newsgroup. |
|
01-01-2006
|
|||
|
|||
|
Re: How does Apache control which user visit's a website?
Jim Carlock wrote:
> I don't see a user (nor a group) created in lusrmgr.msc. So it > appears that the Apache controls are all 100% self-contained > rather than relying upon the Windows Users and Groups. On Windows, Apache runs with the permissions of the Local System account, if you're meaning this? So if your deny file access for the local system account, Apache cannot read the file. -- Robert |
|
01-01-2006
|
|||
|
|||
|
Re: How does Apache control which user visit's a website?
"Robert Ionescu" <robsiegen@gmail.com> wrote:
> On Windows, Apache runs with the permissions of the Local > System account, if you're meaning this? So if your deny file > access for the local system account, Apache cannot read > the file. Thanks, Robert. Yes, I see that it starts up under the System account. But does that mean anyone that visits a computer running Apache gets Full Control to every folder on the system? Where does the read/write access applied by Apache come into play? Does it automatically prevent write, creation, deletion and execution permissions? The system account typically has Administrative control of the system and anything that runs under the Local System account gets full control of the system. On Win2K and XP, my understanding is that many system services run under the "Local System (System)" account. In comparison, when IIS installs itself, it automatically creates an IUSR_<machine_name> account and employs that account to the folder wwwroot (htdocs for Apache). The IUSR account gets the appropriate permissions for reading (and execution) of a couple IIS DLLs, and then get read permissions for the inetpub\wwwroot folder. So my question really involves, when someone visits an HTTP site hosted via Apache on an Windows system, it appears that Apache itself controls all rights, without employing lusrmgr.msc for any management. Would you happen to have a link which explains such things, ie, the rights assigned by Apache, perhaps? I notice there's alot of things inside the httpd.conf file, and that ..htaccess files might get implemented for some things. I noticed the configuration for https and http both. I also noticed that there's quite a bit inside the php.ini file. And my IIS background brought the questions about user rights to the forefront. Is it all controlled through the httpd.conf? I see Apache as providing ways to create names and directing names to certain folders. I'm fumbling around with how execution rights get assigned though. Thanks much for your time and help. Jim Carlock Post replies to the newsgroup. |
|
01-03-2006
|
|||
|
|||
|
Re: How does Apache control which user visit's a website?
Jim Carlock wrote:
> "Robert Ionescu" <robsiegen@gmail.com> wrote: >> On Windows, Apache runs with the permissions of the Local >> System account, if you're meaning this? So if your deny file >> access for the local system account, Apache cannot read >> the file. > > Thanks, Robert. Yes, I see that it starts up under the System > account. But does that mean anyone that visits a computer > running Apache gets Full Control to every folder on the > system? No, Apache (the application) itself can read the file, but this does not mean that Apache would serve the file. > Where does the read/write access applied by > Apache come into play? Apache will serve only files from locations which are specified in your httpd.conf. In general: this are files within the Docoment_root tree (if doc-root is set to c:/htdocs, Apache will serve only files from c:/htodcs and below) and directories specified th the Alias and ScriptAlias directive. > Does it automatically prevent write, > creation, deletion and execution permissions? Also, in httpd.conf, you'll find a restrictive general directory-Container, <Directoty /> This one applies for the whole file system. Just place there a Order Allow,Deny Deny from all and general access is forbidden. Now, for your htdocs <directory>-container like <Directoty "C:/htdocs"> you must explicitly allow access like Order Deny,Allow Allow from all So with this specific htdocs directory container, you are overriding the restrictive general container. > So my question really involves, when someone visits an > HTTP site hosted via Apache on an Windows system, it > appears that Apache itself controls all rights, without > employing lusrmgr.msc for any management. Exactly. Apache is more or less platform independent. All you have to do is to compile apache on your platform. There is no need to run apache as a local system service, the account can be changed in the properties of that service in the windows service manager. You can also start Apache from the windows command, I guess in this case it will under your logged-in windows account? > Would > you happen to have a link which explains such things, > ie, the rights assigned by Apache, perhaps? May be http://www.petefreitag.com/item/505.cfm is a good start. -- Robert |
Linear Mode
