I am trying to install RackTables on a Ubuntu Server 13. I have followed all the steps on the documentation. When I get to the step after I connect to the database I cant seem to figure out the ownership settings. I have set up the database as follows :
mysql -uroot -p
create database racktables;
grant all on racktables.* to root;
grant all on racktables.* to root@localhost;
grant all on racktables.* to rackuser;
grant all on racktables.* to rackuser@localhost;
set password for rackuser@localhost=password('rackpw');
exit
Here is the step that I am stuck on;
RackTables installation: step 4 of 7
Please set ownership (chown) and/or permissions (chmod) of /var/www/racktables/inc/secret.php on the server filesystem as follows:
- The file MUST NOT be writable by the httpd process.
- The file MUST be readable by the httpd process.
- The file should not be readable by anyone except the httpd process.
- The file should not be writable by anyone.
For example, if httpd runs as user "nobody" and group "nogroup", commands similar to the following may work (though not guaranteed to, please consider only as an example):
chown nobody:nogroup secret.php; chmod 400 secret.php
I have tried the
chown root:rackuser /var/www/racktables/inc/secret.php
chmod 400 /var/www/racktables/inc/secret.php
I cant figure out how to set up the permissions so that they fall into this category
- The file MUST NOT be writable by the httpd process.
- The file MUST be readable by the httpd process.
- The file should not be readable by anyone except the httpd process.
- The file should not be writable by anyone.
Please help. Any suggestion is appreciated Thank you
First you have to figure out which user and group your web server (Apache/nginx/etc) are running under.
If you're using Apache, you should be able to check by running:
In Ubuntu, it's common for both user and group to be www-data.
Once you know that, you should be able to change the file's ownership like:
Example:
Keep the chmod the same as you had before.
This should mean it's readable by the www-data user and only the www-data user, writable by nobody (including www-data), which should mean all four of your conditions.