Enforce Apache Ownership of Files on CentOS, RHEL and Fedora with SaltStack



  • In your SLS file, you can make Salt control the recursive ownership for a directory. This is very common to need to do with Apache, especially as files are added or packages installed, as they are generally not installed as the Apache user. So enforcing this can protect the directory from accidentally getting improper permissions. On CentOS, RHEL and Fedora based systems, the Apache web folder is /var/www/html and the user, as well as the group, owner is apache so the following Salt directive will suffice:

    /var/www/html/:
      file.directory:
        - user: apache
        - group: apache
        - recurse:
          - user
          - group
    


  • Does running this make the system constantly check to ensure this is still true? Or do you need to schedule running this occasionally?



  • @Dashrender said in Enforce Apache Ownership of Files on CentOS, RHEL and Fedora with SaltStack:

    Does running this make the system constantly check to ensure this is still true? Or do you need to schedule running this occasionally?

    Yes, it's a state machine. So it always makes sure that it is true. This is a state description file, not something you "run".



  • Cool.



  • That doesn't mean that you can't break the permissions, but it will set itself back without intervention, as long as you have the state system set up. You can use Salt, or any of these systems, as they are not intended and only test the state and not keep it set, of course. Then it would not self-heal.
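
The difference between only testing the state and enforcing it, as discussed in the posts above, shown as an added example that is not part of the original thread and is not Salt's own code. The function names `ownership_drift` and `enforce` are hypothetical, and the `apache` user and group are assumed to exist on the host when the script is run directly.

```python
import grp
import os
import pwd


def ownership_drift(root, uid, gid):
    """Return sorted paths under root (root included) not owned by uid:gid."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        # os.walk does not descend into symlinked directories, but the
        # links themselves are listed in dirnames, so they are still checked.
        paths.extend(os.path.join(dirpath, name) for name in dirnames + filenames)
    drifted = []
    for path in paths:
        st = os.lstat(path)  # lstat judges a symlink itself, never its target
        if (st.st_uid, st.st_gid) != (uid, gid):
            drifted.append(path)
    return sorted(drifted)


def enforce(root, uid, gid, test=True):
    """Report drift; when test is False, also correct it (needs privilege).

    With test=True nothing is changed, so drift is only reported and the
    tree does not self-heal. With test=False each drifted path is chowned.
    """
    drifted = ownership_drift(root, uid, gid)
    if not test:
        for path in drifted:
            # follow_symlinks=False avoids changing a file outside the tree
            # through a symlink planted inside it.
            os.chown(path, uid, gid, follow_symlinks=False)
    return drifted


if __name__ == "__main__":
    # Assumption: the apache user and group exist, as on CentOS/RHEL/Fedora.
    apache_uid = pwd.getpwnam("apache").pw_uid
    apache_gid = grp.getgrnam("apache").gr_gid
    for item in enforce("/var/www/html", apache_uid, apache_gid, test=True):
        print("drift:", item)
```
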



  • Just as a comparison, here's what it would look like with Ansible:

    - name: Recursively own html files
      file:
        path: /var/www/html
        owner: apache
        group: apache
        state: directory
        recurse: yes