Mailing List Archive: Cherokee: users

Ubuntu Karmic: Virtual Host in home directory

Index | Next | Previous | View Threaded

public at openinformation

Nov 8, 2009, 3:11 PM

Post #1 of 15 (1255 views)
Permalink

Ubuntu Karmic: Virtual Host in home directory

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everybody,

I use Cherokee on my laptop for some local wikis and test sites, and
always had all the sites in my /home directory. So far, that worked
fine. But since I upgraded to Ubuntu 9.10, the Virtual Hosts that point
to directories under my /home directory do not work anymore.

If I copy one of these sites to /var/www, everything works fine, so
Cherokee seems to be working properly.

The only thing I changed with the new Ubuntu version was the encryption
of my /home directory. Before, I did not use encryption. Could this be
the reason why Cherokee cannot access any site I have in /home?

And if so, is there anything I can do? I'd like to keep these sites in
my /home directory, if possible.

Best regards
Gregor

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkr3UBQACgkQepJNjKMaIWVUzQCgvdwiacTbVejakddUXmA1voFp
opoAmwRPnt4Mt2cL5XBdWg++4/ziSwS6
=zIdz
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

listas at enelserver

Nov 8, 2009, 6:29 PM

Post #2 of 15 (1221 views)
Permalink

Re: Ubuntu Karmic: Virtual Host in home directory [In reply to]

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi everybody,
>
> I use Cherokee on my laptop for some local wikis and test sites, and
> always had all the sites in my /home directory. So far, that worked
> fine. But since I upgraded to Ubuntu 9.10, the Virtual Hosts that point
> to directories under my /home directory do not work anymore.
>
> If I copy one of these sites to /var/www, everything works fine, so
> Cherokee seems to be working properly.
>
> The only thing I changed with the new Ubuntu version was the encryption
> of my /home directory. Before, I did not use encryption. Could this be
> the reason why Cherokee cannot access any site I have in /home?
>
> And if so, is there anything I can do? I'd like to keep these sites in
> my /home directory, if possible.
>
> Best regards
> Gregor
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAkr3UBQACgkQepJNjKMaIWVUzQCgvdwiacTbVejakddUXmA1voFp
> opoAmwRPnt4Mt2cL5XBdWg++4/ziSwS6
> =zIdz
> -----END PGP SIGNATURE-----
> _______________________________________________
> Cherokee mailing list
> Cherokee [at] lists
> http://lists.octality.com/listinfo/cherokee
>

Cherokee is running as the www-data user that's why cherokee can't access
your files

so try running cherokee as your user

I haven't tried that on my encripted /home I don't have at this moment my
laptop with karmic (wife borrowed) to test it but I think should work.

Saludos

Leonel

_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

taher at unixwars

Nov 9, 2009, 12:17 AM

Post #3 of 15 (1221 views)
Permalink

Re: Ubuntu Karmic: Virtual Host in home directory [In reply to]

Leonel Nunez wrote:
>> fine. But since I upgraded to Ubuntu 9.10, the Virtual Hosts that point
>> to directories under my /home directory do not work anymore.
>>
>> If I copy one of these sites to /var/www, everything works fine, so
>> Cherokee seems to be working properly.
>>
>> The only thing I changed with the new Ubuntu version was the encryption
>> of my /home directory. Before, I did not use encryption. Could this be
>> the reason why Cherokee cannot access any site I have in /home
> Cherokee is running as the www-data user that's why cherokee can't access
> your files
>
>
+1
Looks like a problem with permissions to me.

--
taher [at] unixwars
http://unixwars.com/

_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

gwolf at gwolf

Nov 9, 2009, 5:28 AM

Post #4 of 15 (1214 views)
Permalink

Re: Ubuntu Karmic: Virtual Host in home directory [In reply to]

Leonel Nunez dijo [Sun, Nov 08, 2009 at 07:29:44PM -0700]:
> > I use Cherokee on my laptop for some local wikis and test sites, and
> > always had all the sites in my /home directory. So far, that worked
> > fine. But since I upgraded to Ubuntu 9.10, the Virtual Hosts that point
> > to directories under my /home directory do not work anymore.
> >
> > If I copy one of these sites to /var/www, everything works fine, so
> > Cherokee seems to be working properly.
> >
> > The only thing I changed with the new Ubuntu version was the encryption
> > of my /home directory. Before, I did not use encryption. Could this be
> > the reason why Cherokee cannot access any site I have in /home?
> >
> > And if so, is there anything I can do? I'd like to keep these sites in
> > my /home directory, if possible.
>
>
> Cherokee is running as the www-data user that's why cherokee can't access
> your files
>
> so try running cherokee as your user

Or rather, give the www-data user the rights to get to the directories
in question. Try _not_ to run the server as any user with permissions
to do anything other than what is really needed!

--
Gunnar Wolf • gwolf [at] gwolf • (+52-55)5623-0154 / 1451-2244
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

paul.bartell at gmail

Nov 9, 2009, 8:02 AM

Post #5 of 15 (1215 views)
Permalink

Re: Ubuntu Karmic: Virtual Host in home directory [In reply to]

so to clarify, you might want to chmod 750 <thedirectory> and then
chown username:www-data <your dir> . Or something similar.

On Mon, Nov 9, 2009 at 5:28 AM, Gunnar Wolf <gwolf [at] gwolf> wrote:
> Leonel Nunez dijo [Sun, Nov 08, 2009 at 07:29:44PM -0700]:
>> > I use Cherokee on my laptop for some local wikis and test sites, and
>> > always had all the sites in my /home directory. So far, that worked
>> > fine. But since I upgraded to Ubuntu 9.10, the Virtual Hosts that point
>> > to directories under my /home directory do not work anymore.
>> >
>> > If I copy one of these sites to /var/www, everything works fine, so
>> > Cherokee seems to be working properly.
>> >
>> > The only thing I changed with the new Ubuntu version was the encryption
>> > of my /home directory. Before, I did not use encryption. Could this be
>> > the reason why Cherokee cannot access any site I have in /home?
>> >
>> > And if so, is there anything I can do? I'd like to keep these sites in
>> > my /home directory, if possible.
>>
>>
>> Cherokee is running as the www-data user that's why cherokee can't access
>> your files
>>
>> so try running cherokee as your user
>
> Or rather, give the www-data user the rights to get to the directories
> in question. Try _not_ to run the server as any user with permissions
> to do anything other than what is really needed!
>
> --
> Gunnar Wolf � gwolf [at] gwolf � (+52-55)5623-0154 / 1451-2244
> _______________________________________________
> Cherokee mailing list
> Cherokee [at] lists
> http://lists.octality.com/listinfo/cherokee
>

--
Random quote of the week/month/whenever i get to updating it: "Quis custodiet
ipsos custodes?": "who shall watch the watchers themselves?" - Juvenal
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

public at openinformation

Nov 9, 2009, 8:25 AM

Post #6 of 15 (1213 views)
Permalink

Re: Ubuntu Karmic: Virtual Host in home directory [In reply to]

Hi everybody,

sorry, I didn't mention it, but I already tried that: i chowned the
respective directory to www-data, and I even set permissions to 777.
Yet, the problem remains. And before the Karmic-Update, the whole
installation worked fine, exact same paths and permissions.

Leonel, would be interesting to see whether it works on your laptop. I'm
currently installing another Karmic, without encrypted /home - maybe I
find the time to test it for myself later.

Best regards!

Gregor

Paul Bartell schrieb:
> so to clarify, you might want to chmod 750 <thedirectory> and then
> chown username:www-data <your dir> . Or something similar.
>
> On Mon, Nov 9, 2009 at 5:28 AM, Gunnar Wolf <gwolf [at] gwolf> wrote:
>> Leonel Nunez dijo [Sun, Nov 08, 2009 at 07:29:44PM -0700]:
>>>> I use Cherokee on my laptop for some local wikis and test sites, and
>>>> always had all the sites in my /home directory. So far, that worked
>>>> fine. But since I upgraded to Ubuntu 9.10, the Virtual Hosts that point
>>>> to directories under my /home directory do not work anymore.
>>>>
>>>> If I copy one of these sites to /var/www, everything works fine, so
>>>> Cherokee seems to be working properly.
>>>>
>>>> The only thing I changed with the new Ubuntu version was the encryption
>>>> of my /home directory. Before, I did not use encryption. Could this be
>>>> the reason why Cherokee cannot access any site I have in /home?
>>>>
>>>> And if so, is there anything I can do? I'd like to keep these sites in
>>>> my /home directory, if possible.
>>>
>>> Cherokee is running as the www-data user that's why cherokee can't access
>>> your files
>>>
>>> so try running cherokee as your user
>> Or rather, give the www-data user the rights to get to the directories
>> in question. Try _not_ to run the server as any user with permissions
>> to do anything other than what is really needed!
>>
>> --
>> Gunnar Wolf • gwolf [at] gwolf • (+52-55)5623-0154 / 1451-2244
>> _______________________________________________
>> Cherokee mailing list
>> Cherokee [at] lists
>> http://lists.octality.com/listinfo/cherokee
>>
>
>
>

_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

public at openinformation

Nov 9, 2009, 9:37 AM

Post #7 of 15 (1211 views)
Permalink

Re: Ubuntu Karmic: Virtual Host in home directory [In reply to]

Ok, I tested on a fresh Karmic install without encrypted /home directory
- here it works fine. Really seems like the encrypted directory makes
the difference.

Is there anything I could try to make these directories accessible to
Cherokee?

Gregor schrieb:
> Hi everybody,
>
> sorry, I didn't mention it, but I already tried that: i chowned the
> respective directory to www-data, and I even set permissions to 777.
> Yet, the problem remains. And before the Karmic-Update, the whole
> installation worked fine, exact same paths and permissions.
>
> Leonel, would be interesting to see whether it works on your laptop. I'm
> currently installing another Karmic, without encrypted /home - maybe I
> find the time to test it for myself later.
>
> Best regards!
>
> Gregor
>
> Paul Bartell schrieb:
>> so to clarify, you might want to chmod 750 <thedirectory> and then
>> chown username:www-data <your dir> . Or something similar.
>>
>> On Mon, Nov 9, 2009 at 5:28 AM, Gunnar Wolf <gwolf [at] gwolf> wrote:
>>> Leonel Nunez dijo [Sun, Nov 08, 2009 at 07:29:44PM -0700]:
>>>>> I use Cherokee on my laptop for some local wikis and test sites, and
>>>>> always had all the sites in my /home directory. So far, that worked
>>>>> fine. But since I upgraded to Ubuntu 9.10, the Virtual Hosts that point
>>>>> to directories under my /home directory do not work anymore.
>>>>>
>>>>> If I copy one of these sites to /var/www, everything works fine, so
>>>>> Cherokee seems to be working properly.
>>>>>
>>>>> The only thing I changed with the new Ubuntu version was the encryption
>>>>> of my /home directory. Before, I did not use encryption. Could this be
>>>>> the reason why Cherokee cannot access any site I have in /home?
>>>>>
>>>>> And if so, is there anything I can do? I'd like to keep these sites in
>>>>> my /home directory, if possible.
>>>> Cherokee is running as the www-data user that's why cherokee can't access
>>>> your files
>>>>
>>>> so try running cherokee as your user
>>> Or rather, give the www-data user the rights to get to the directories
>>> in question. Try _not_ to run the server as any user with permissions
>>> to do anything other than what is really needed!
>>>
>>> --
>>> Gunnar Wolf • gwolf [at] gwolf • (+52-55)5623-0154 / 1451-2244
>>> _______________________________________________
>>> Cherokee mailing list
>>> Cherokee [at] lists
>>> http://lists.octality.com/listinfo/cherokee
>>>
>>
>>
>
> _______________________________________________
> Cherokee mailing list
> Cherokee [at] lists
> http://lists.octality.com/listinfo/cherokee

_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

listas at enelserver

Nov 9, 2009, 9:50 AM

Post #8 of 15 (1208 views)
Permalink

Re: Ubuntu Karmic: Virtual Host in home directory [In reply to]

> so to clarify, you might want to chmod 750 <thedirectory> and then
> chown username:www-data <your dir> . Or something similar.
>

Karmic has the $HOME dir encripted with the user's key
so, That's why www-data can't access /home/theencripteddir/

I'll test later on a karmic server with the users home directory encrypted.

But can you please test with cherokee running as YOUR user not the www-data?

Saludos ..

Leonel

_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

public at openinformation

Nov 9, 2009, 9:53 AM

Post #9 of 15 (1222 views)
Permalink

Re: Ubuntu Karmic: Virtual Host in home directory [In reply to]

Hi Leonel,

I tried that before on the other machine, and here I get the same
result: when I change the User and Group in Cherokee Admin interface, I
cannot restart Cherokee and always get a 504 timeout.

Is there another way to run cherokee as my user?

Leonel Nunez schrieb:
>> so to clarify, you might want to chmod 750 <thedirectory> and then
>> chown username:www-data <your dir> . Or something similar.
>>
>
> Karmic has the $HOME dir encripted with the user's key
> so, That's why www-data can't access /home/theencripteddir/
>
> I'll test later on a karmic server with the users home directory encrypted.
>
> But can you please test with cherokee running as YOUR user not the www-data?
>
>
> Saludos ..
>
> Leonel
>
>
>
> _______________________________________________
> Cherokee mailing list
> Cherokee [at] lists
> http://lists.octality.com/listinfo/cherokee
>

_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

gwolf at gwolf

Nov 9, 2009, 10:25 AM

Post #10 of 15 (1212 views)
Permalink

Re: Ubuntu Karmic: Virtual Host in home directory [In reply to]

Gregor dijo [Mon, Nov 09, 2009 at 06:37:40PM +0100]:
> Is there anything I could try to make these directories accessible to
> Cherokee?
> >>> Or rather, give the www-data user the rights to get to the directories
> >>> in question. Try _not_ to run the server as any user with permissions
> >>> to do anything other than what is really needed!
> >
> > Leonel, would be interesting to see whether it works on your laptop. I'm
> > currently installing another Karmic, without encrypted /home - maybe I
> > find the time to test it for myself later.
> >
> > sorry, I didn't mention it, but I already tried that: i chowned the
> > respective directory to www-data, and I even set permissions to 777.
> > Yet, the problem remains. And before the Karmic-Update, the whole
> > installation worked fine, exact same paths and permissions.
> >
>
> Ok, I tested on a fresh Karmic install without encrypted /home directory
> - here it works fine. Really seems like the encrypted directory makes
> the difference.

Here it would be worth checking what semantics does «encrypted»
carry. The LUKS encryption mechanism (which has been part of Debian,
at least, since Etch - that means, since 2007, and must be part of
Ubuntu approximately from the same point) handles disk encryption
before mounting, but once the partition is mounted, it is completely
normal for the POSIX system that lives in it (that is, the encryption
is invisible to the programs, it is only a mechanism that ensures the
data is safer in case of a physical compromise).

If the new Ubuntu systems carry on-demand mounting/unmounting
encrypted bits of information, yes, my bet is you will have to store
the web-accessible directories outside the encrypted area. But it
would be very worth checking and understanding exactly what happens in
there. Encryption should not break the usability of the system inside
it!

Greetings,

--
Gunnar Wolf • gwolf [at] gwolf • (+52-55)5623-0154 / 1451-2244
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

gwolf at gwolf

Nov 9, 2009, 11:03 AM

Post #11 of 15 (1211 views)
Permalink

Re: Ubuntu Karmic: Virtual Host in home directory [In reply to]

Leonel Nunez dijo [Mon, Nov 09, 2009 at 10:50:09AM -0700]:
> > so to clarify, you might want to chmod 750 <thedirectory> and then
> > chown username:www-data <your dir> . Or something similar.
> >
>
> Karmic has the $HOME dir encripted with the user's key
> so, That's why www-data can't access /home/theencripteddir/
>
> I'll test later on a karmic server with the users home directory encrypted.
>
> But can you please test with cherokee running as YOUR user not the www-data?

That would be a VERY bad idea security-wise. Any vulnerability, either
in Cherokee or in any of the processes it spawns would automatically
have access to the whole directory. Even worse (and more likely), you
would only have to create a simple symlink to allow Cherokee to access
any other of the encrypted user files.

In any case, if you are encrypting a portion of your used directory,
it means it should be kept away from the world at large. If you want
to make part of your information public, well, keep it outside the
encrypted area!

You can achieve that (while keeping a congruent view to the user) by
setting up an unencrypted directory controlled (chown'ed) by the user
(call it if you want to /home/public/$user or whatever), and
symlinking it as /home/$user/public.

Greetings,

--
Gunnar Wolf • gwolf [at] gwolf • (+52-55)5623-0154 / 1451-2244
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

listas at enelserver

Nov 9, 2009, 11:32 AM

Post #12 of 15 (1213 views)
Permalink

Re: Ubuntu Karmic: Virtual Host in home directory [In reply to]

> Leonel Nunez dijo [Mon, Nov 09, 2009 at 10:50:09AM -0700]:
>> > so to clarify, you might want to chmod 750 <thedirectory> and then
>> > chown username:www-data <your dir> . Or something similar.
>> >
>>
>> Karmic has the $HOME dir encripted with the user's key
>> so, That's why www-data can't access /home/theencripteddir/
>>
>> I'll test later on a karmic server with the users home directory
>> encrypted.
>>
>> But can you please test with cherokee running as YOUR user not the
>> www-data?
>
> That would be a VERY bad idea security-wise. Any vulnerability, either
> in Cherokee or in any of the processes it spawns would automatically
> have access to the whole directory. Even worse (and more likely), you
> would only have to create a simple symlink to allow Cherokee to access
> any other of the encrypted user files.
>

> In any case, if you are encrypting a portion of your used directory,
> it means it should be kept away from the world at large. If you want
> to make part of your information public, well, keep it outside the
> encrypted area!
>
> You can achieve that (while keeping a congruent view to the user) by
> setting up an unencrypted directory controlled (chown'ed) by the user
> (call it if you want to /home/public/$user or whatever), and
> symlinking it as /home/$user/public.
>
> Greetings,

I know what implies,

what I've understood from the first mail this setup is for a test/devel
machine nothing going for producction

>
> --
> Gunnar Wolf • gwolf [at] gwolf • (+52-55)5623-0154 / 1451-2244
>

_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

bsdbrains at gmail

Nov 9, 2009, 6:48 PM

Post #13 of 15 (1209 views)
Permalink

Re: Ubuntu Karmic: Virtual Host in home directory [In reply to]

Ubuntu's "encrypt my home partition" option uses eCryptfs. See:

http://www.linux-mag.com/cache/7568/1.html

The article gets very deep into how to manage eCryptfs and how it
works. Very interesting.

But I do use luks on all my desktops and laptops. Of course, it's
transparent to userland, so it only provides protection when the
power is off. eCryptfs is a different beast, it integrates with
PAM to do it's job.

Gregor, it sounds like you should take Leonel's suggestion and
run cherokee as you. Do something like:

cherokee-admin --target ~/lib/cherokee/devserver.conf

Then make your choice of starting config. Cherokee is soooo
damn friendly when starting from scratch.

Good luck,
Dave

On Nov 9, 1:32�pm, "Leonel Nunez" <lis...@enelserver.com> wrote:
> > Leonel Nunez dijo [Mon, Nov 09, 2009 at 10:50:09AM -0700]:
> >> > so to clarify, you might want to chmod 750 <thedirectory> and then
> >> > chown username:www-data <your dir> . Or something similar.
>
> >> Karmic has the $HOME dir �encripted with the user's key
> >> so, That's why �www-data can't access � /home/theencripteddir/
>
> >> I'll test later on a karmic server with the users home directory
> >> encrypted.
>
> >> But can you please test with cherokee running as YOUR user not the
> >> www-data?
>
> > That would be a VERY bad idea security-wise. Any vulnerability, either
> > in Cherokee or in any of the processes it spawns would automatically
> > have access to the whole directory. Even worse (and more likely), you
> > would only have to create a simple symlink to allow Cherokee to access
> > any other of the encrypted user files.
>
> > In any case, if you are encrypting a portion of your used directory,
> > it means it should be kept away from the world at large. If you want
> > to make part of your information public, well, keep it outside the
> > encrypted area!
>
> > You can achieve that (while keeping a congruent view to the user) by
> > setting up an unencrypted directory controlled (chown'ed) by the user
> > (call it if you want to /home/public/$user or whatever), and
> > symlinking it as /home/$user/public.
>
> > Greetings,
>
> I know what implies,
>
> what I've understood from the first mail this setup is for a test/devel
> machine nothing going for producction
>
>
>
> > --
> > Gunnar Wolf � gw...@gwolf.org � (+52-55)5623-0154 / 1451-2244
>
> _______________________________________________
> Cherokee mailing list
> Chero...@lists.octality.comhttp://lists.octality.com/listinfo/cherokee
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

public at openinformation

Nov 14, 2009, 11:58 AM

Post #14 of 15 (1189 views)
Permalink

Re: Ubuntu Karmic: Virtual Host in home directory [In reply to]

Thanks for all your feedback and sorry for the late reply.

Leonel, you understood correctly, it is a machine solely for testing
purposes, so I tried running Cherokee with my user, as you suggested. I
never managed to get Cherokee running, however. The change of the user
in cherokee-admin always resulted in a 504-gateway timeout when trying
to restart the server.

The same happened when I tried Dave's suggestion to start Cherokee from
scratch.

By this time, I decided to reinstall Karmic without encrypted /home
directory. I don't really need it, and I like the convenience of having
my test sites accessible for Cherokee in my /home directory, without any
modifications. That's also the reason why I did not try Gunnar's suggestion.

Without encrypted /home, the set up now works fine, as it did before.

Thanks again for your helpful suggestions.
Gregor
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

oli at thepcspy

Nov 16, 2009, 2:21 AM

Post #15 of 15 (1184 views)
Permalink

Re: Ubuntu Karmic: Virtual Host in home directory [In reply to]

Rather than dumping encryption (which does have plenty value on a mobile
desktop system), you could create the users' web dirs outside $HOME and ln
or even mount-bind them in so users see the directory where they expect but
it's not encrypted...

I know I'm stating the obvious and it's not totally secure.. but it is *more
secure* than dumping encryption fully... And probably more secure than
giving your server the keys to your $HOME.

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads