httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: Unix permissions limitation
Date Mon, 22 Apr 2002 20:49:53 GMT
Ted Packwood wrote:
> Andy-
> Thanks for the suggestion, but it does not address the issue.
> We need to restrict access (including read-access) to only those
> people allowed to view the files.  As I stated below, having
> everyone who needs to edit web documents belong to the same GID
> is not secure enough.  To use your example, webuser2 can still
> view webuser1's web documents on the unix side, even if the web
> side is controlled by .htaccess files.  This would work for 
> public information but for web data that needs to be secured
> this won't work.  We need to be able to make it so that only
> the people belonging to webuser1 (for instance) can view webuser1's
> files on the unix side AND the web side.
> Sorry if I didn't make this clear enough.
> Ted
> Andrew Hawkes wrote:
>>Why do they need to belong to the group to edit files? What about
>>-rw-r-----  webuser1  nobody  blah.html
>>-rw-r-----  webuser2  nobody  foo.html

I think you are wrong Ted.  Andrew's suggestion was that *neither* user 
actually belong to the "nobody" group.  Only apache runs under this 
group.  Then webuser1 would not be able to read foo.html.  The problem 
is how to let webuser1 assign the right permissions.  Some OSs let you 
"give away" premissions, so that webuser1 could assign group nobody to 
blah.html even if webuser1 is not in group nobody.  But I don't think 
most unixes work this way.  One alternative is to have an sudo 
configuration that allows your users to easily assign the correct 

Another "solution" I've seen to this problem is to have each users files 
in a subdirectory of a directory that has permissions
Then the subdirectory name intself is kept secret and acts as sort of a 
password to view the files, which are themselves all world readable. 
(Obviously, you need to use hard to guess names.)  This is basically a 
"security through obscurity" approach, but could be made to work as long 
as the stuff you are protecting isn't *too* sensitive.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message