[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 257
  • Last Modified:

user dir access

Hello experts.
I've got a pretty easy question for you.
I've set up apache to let users have a public_html dir in their home dir (UserDir public_html)

To get it to work i had to chmod 755 the all the users dirs, otherwise it would give me '403 Forbidden...' errors.

Is there any other way to let users have their public_html dirs without letting all the other users access their home dirs?

0
nikitin
Asked:
nikitin
3 Solutions
 
phlcCommented:
user@host:/home/user$ chown user:user public_html

this will give the 755 just for the USER on you public_html dir, and others cant have access .


0
 
samriCommented:
nikitin,

I have checked the Apache docs, and did my own testing,  itt's fruitless.  Apache seems to require read-access to the folder, and it's parent folder.

Apache somehow need to be executed as ono user (just like anyother user on the system).  Perhaps, you could run apache as root, and the problem with user directory restriction will not be a proble.  But this will impose another security issue.

I still believe that the is a way around this limitation.. but yet to fid out.

good luck.
0
 
pheurCommented:
A compromise solution:
chmod 711 ~user
chmod 755 ~user/public_html
If you have all users in the same group (like in SlackWare) change the first line to:
chmod 701 ~user
The users won't see the content of each other's directory, but they may access files if they know the names and have the permissions on those files/dirs (public_html is one of these)

Alternatively, setup for each user a different space to put their homedir (such as /var/user-www/username) and use mod_rewrite to make the redirection (http://httpd.apache.org/docs/mod/mod_rewrite.html). In this case you can chmod 700 the homedirs.

Running apache as root is out of question. If I remember well you have to recomile it specially to accept that.

----
Radu-Adrian Feurdean
Brainbench Linux MVP
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now