httpd-users mailing list archives

From Richard Geddes <rich.ged...@verizon.net>
Subject Re: [users@httpd] Question on permissions
Date Tue, 26 Feb 2008 16:08:08 GMT
Thanks for the response. 

I set up a directory under the main DocumentRoot called test

drwxr-xr-x 2 rgeddes rgeddes  80 2008-02-18 15:18 test

and it appeared in a directory listing in the webpage of my main
DocumentRoot.

Changed permissions as follows:

drwxr-x--- 2 rgeddes rgeddes  80 2008-02-18 15:18 test

and test disappears from the webpage (this makes sense)

changed group as follows:

drwxr-x--- 2 rgeddes www-data  80 2008-02-18 15:18 test

and test appears in the webpage (this makes sense) as the servers are
running as www-data.

Now if I change the group back to:

drwxr-x--- 2 rgeddes rgeddes  80 2008-02-18 15:18 test

and I add www-data to the rgeddes group in /etc/group, the directory
fails to show up.  This does not make sense to me as www-data is part of
the rgeddes group and rgeddes has r-x permissions.

Is there a reason why www-data is not being granted rgeddes group
permissions?

Thanks
Richard


Joshua Slive wrote:
> On Mon, Feb 25, 2008 at 12:59 AM, Richard Geddes
> <rich.geddes@verizon.net> wrote:
>   
>> Hello,
>>
>>  I'm using apache 2.2 on Ubuntu 7.10 setting up name-based virtual
>>  hosting.  The apache servers servicing requests run as www-data.
>>
>>  The idea is to allow users to make their own websites under their home
>>  directories, and for the admin to symlink the users' DocumentRoot
>>  directories below main DocumentRoot directory, and have the apache
>>  configuration file with <VirtualHost> sections direct the http requests
>>  appropriately.
>>
>>  I got this to work correctly, but I had to set the 'other' execution bit
>>  for directories that lead to the user's symlinked directory.  This means
>>  that users will have execute permissions on each others' directories,
>>  but I want to keep the users strictly separated from each other.... I
>>  think the FAQ suggests this, if I'm not mistaken, but I think there is a
>>  security issue here.
>>     
>
> Having world-executable (searchable, really) home directories is not
> an uncommon configuration. Yes, your users need to be a little more
> careful about the permissions of stuff inside their home directories,
> but that isn't such a big deal.
>
> Alternatively, do the symlink in the other direction: put the
> directories under DocumentRoot and include a symlink in the home
> directories pointing to the correct location so your users know what
> to edit.
>
> Joshua.
>   
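
The directory listings from the message above, run through the Unix owner/group/other check for a process running as www-data. This is an added example, not part of the original message. The group test uses the group list the process already holds (the `Groups:` line of `/proc/<pid>/status`), which is set when the process starts, rather than the current contents of /etc/group. The numeric ids and the status excerpts are constructed.

```python
# Constructed numeric ids: the message gives only the names.
UID = {"rgeddes": 1000, "www-data": 33}
GID = {"rgeddes": 1000, "www-data": 33}

# The directory listings quoted in the message (the second and fourth are identical).
LISTINGS = [
    "drwxr-xr-x 2 rgeddes rgeddes  80 2008-02-18 15:18 test",
    "drwxr-x--- 2 rgeddes rgeddes  80 2008-02-18 15:18 test",
    "drwxr-x--- 2 rgeddes www-data  80 2008-02-18 15:18 test",
]

# Constructed /proc/<pid>/status excerpts for a server process running as www-data.
WITHOUT_RGEDDES = "Uid:\t33\t33\t33\t33\nGid:\t33\t33\t33\t33\nGroups:\t33\n"
WITH_RGEDDES = "Uid:\t33\t33\t33\t33\nGid:\t33\t33\t33\t33\nGroups:\t33 1000\n"

def parse_ls_mode(mode):
    """Convert 'drwxr-x---' to permission bits (plain r/w/x only, no s/t)."""
    bits = 0
    for i, ch in enumerate(mode[1:10]):
        if ch in "rwx":
            bits |= 1 << (8 - i)
    return bits

def proc_groups(status_text):
    """Supplementary gids from the 'Groups:' line of a status excerpt."""
    for line in status_text.splitlines():
        if line.startswith("Groups:"):
            return {int(g) for g in line.split()[1:]}
    return set()

def can_list(ls_line, euid, egid, groups):
    """True if a non-root process may read and search the directory."""
    mode, _links, owner, group = ls_line.split()[:4]
    if euid == UID[owner]:
        shift = 6            # owner class, and only that class
    elif GID[group] == egid or GID[group] in groups:
        shift = 3            # group class
    else:
        shift = 0            # other class
    return (parse_ls_mode(mode) >> shift) & 0o5 == 0o5   # needs r and x

def results(status_text):
    """Evaluate every listing for www-data with the given process group list."""
    groups = proc_groups(status_text)
    return [can_list(l, UID["www-data"], GID["www-data"], groups) for l in LISTINGS]

if __name__ == "__main__":
    print("group list without rgeddes:", results(WITHOUT_RGEDDES))
    print("group list with rgeddes:   ", results(WITH_RGEDDES))
```

On a live system the two inputs to compare are the output of `id www-data` and the `Groups:` line in `/proc/<pid>/status` of a running server process.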
