ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Enforce Apache Ownership of Files on CentOS, RHEL and Fedora with SaltStack

    Scheduled Pinned Locked Moved IT Discussion
    saltlinuxapachecentosrhelfedoraweb serversaltstack
    6 Posts 3 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by scottalanmiller

      In your SLS file, you can make Salt control the recursive ownership for a directory. This is very common to need to do with Apache, especially as files are added or packages installed, as they are generally not installed as the Apache user. So enforcing this can protect the directory from accidentally getting improper permissions. On CentOS, RHEL and Fedora based systems, the Apache web folder is /var/www/html and the user, as well as the group, owner is apache so the following Salt directive will suffice:

      /var/www/html/:
        file.directory:
          - user: apache
          - group: apache
          - recurse:
            - user
            - group
      
      1 Reply Last reply Reply Quote 3
      • DashrenderD
        Dashrender
        last edited by

        Does running this make the system constantly check to ensure this is still true? or do you need to schedule running this occasionally?

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @Dashrender
          last edited by scottalanmiller

          @Dashrender said in Enforce Apache Ownership of Files on CentOS, RHEL and Fedora with SaltStack:

          Does running this make the system constantly check to ensure this is still true? or do you need to schedule running this occasionally?

          Yes, it's a state machine. So it always makes sure that it is true. This is a state description file, not something you "run".

          1 Reply Last reply Reply Quote 0
          • DashrenderD
            Dashrender
            last edited by

            Cool.

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller
              last edited by

              That doesn't mean that you can't break the permissions, but it will set itself back without intervention. As long as you have the state system set up. You can use Salt, or any of these systems, as they are not intended and only test the state and not keep it set, of course, Then it would not self-heal.

              1 Reply Last reply Reply Quote 0
              • stacksofplatesS
                stacksofplates
                last edited by stacksofplates

                Just as a comparison, here's what it would look like with Ansible:

                name: Recursively own html files
                  file:
                    path: /var/www/html
                    owner: apache
                    group: apache
                    state: directory
                    recurse: yes
                
                1 Reply Last reply Reply Quote 2
                • 1 / 1
                • First post
                  Last post