
Permission problems on a mounted volume with Apache

So, I have a Mac Snow Leopard server (Server A) and I've been using a self-built Apache for it, but it's been acting up lately and I want to use the built in. But since this is a production server, I want to test it out first, mounting the appropriate directories on my second server (Server B) and testing it.

So I mount the "/Atlas" directory (my entire CMS) of Server A on Server B with this command:

mount_hfs afp://username:password@server_a/Atlas /Atlas

After having manually created the /Atlas directory.

Now, when pointing a virtual host to have DOCUMENT_ROOT at "/Atlas/Sites/sandman/" (which is the correct path for that site on Server A) and surfing to the site, Apache reports a 403 (Access forbidden) and says it can't read the file ("You don't have permission to access the requested object. It is either read-protected or not readable by the server.")

Now, the files are owned by user "sandman" on both machines, and Apache on Server A is run by user "sandman", but on the built in Apache on Server B it is owned by user "_www" with UID 70. The files are readable by "world" so user _www SHOULD be able to read them just fine.

Does anyone know what the problem may be? I was hoping that I could perhaps store the CMS files on Server C (i.e. a third server) and mount it on both servers and then load balance between them.

Any ideas? Thanks!

Check that you can really read the files as user _www and that you can list them.

Maybe you're missing a directory listing right for user _www. It's the execution right on directories for *Nix systems.
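The check suggested in the answer above, as an added shell example that is not part of the original post: it walks from the target up to a top directory and reports the highest path component whose "other" permission bits block access. It assumes the web server user (_www in the question) is neither owner nor group of the files, it does not look at ACLs or at how the volume was mounted, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example. Usage: world_access_block /Atlas/Sites/sandman [TOP]
# TOP defaults to /; pass a mount point to start the check there.

# Print the "other" permission triplet (e.g. "r-x") of a path.
# ls -ld is used because stat(1) options differ between macOS and Linux.
other_bits() {
    ls -ld "$1" 2>/dev/null | cut -c8-10
}

# Print the highest blocking component and return 1,
# or print nothing and return 0 when "other" can reach the target.
# PATH and TOP must be absolute paths.
world_access_block() {
    path=$1
    top=${2:-/}
    blocker=""

    # The target itself must be readable by "other"
    # (for a directory this is the listing right).
    case $(other_bits "$path") in
        r??) ;;
        *)   blocker=$path ;;
    esac

    # Every directory on the way needs the execute (search) bit.
    # "t" is the sticky bit combined with execute, as on /tmp.
    dir=$path
    [ -d "$path" ] || dir=$(dirname "$path")
    while :; do
        case $(other_bits "$dir") in
            ??x|??t) ;;
            *)       blocker=$dir ;;   # higher components overwrite lower ones
        esac
        case $dir in "$top"|/|.) break ;; esac
        dir=$(dirname "$dir")
    done

    if [ -n "$blocker" ]; then
        echo "$blocker"
        return 1
    fi
    return 0
}
```

A clean result here only rules out the mode bits; whether _www can actually read through the mount still has to be tested as that user.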

What user did you run the mount command as? (note: I assume it's really mount_afp, not mount_hfs.) That user will wind up "owning" the server connection, and will be the only one that gets authenticated access to the server files; other users on the AFP client computer will get the equivalent of guest access to server files. You can view the connection ownership with the mount command:

$ mount
/dev/disk0s2 on / (hfs, local, journaled)
devfs on /dev (devfs, local, nobrowse)
map -hosts on /net (autofs, nosuid, automounted, nobrowse)
map auto_home on /home (autofs, automounted, nobrowse)
afp_0TQ55t0XgDP800dNMO0Pyetl-1.2d00000a on /Volumes/Public (afpfs, nodev, nosuid, mounted by gordon)

From your description, it sounds like it should be working despite this (since the files are world-readable on server B)... but it still might be worth performing the mount under the _www user ID.
