Results 1 to 3 of 3
Hello, I have Ubuntu Server Edition 11.10: I am trying to setup a server that my friends and I can use to host our various websites. I have Apache and ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 11-27-2011 #1
- Join Date
- Mar 2011
private home directories accessible by Apache and PHP
I have Ubuntu Server Edition 11.10:
I am trying to setup a server that my friends and I can use to host our various websites. I have Apache and vsFTP setup to work with a bunch of home directories as the DocumentRoot directories for a respective bunch of websites. Each user can access his/her website via FTP.
Unfortunately there's a bit of a security problem. In order for Apache not to give me a file permission error I have to set the permissions for the entire /home/ directory to 777. Users can't access each other's home directories via FTP because the file root is the home directory. If, on the other hand, one user logged into my server with a remote shell client then he/she could totally destroy the other users' websites.
A failed solution: I tried to get around this by setting the permission on all home directories to 774. Apache couldn't serve the directories anymore. I then added the user www-data to the groups of all of my other users. I gave each user and it's associated group ownership of it's home directory. Apache still gave me the permission error even though www-data had read/write/execute permission for the files in question.
- 12-01-2011 #2
- Join Date
- Nov 2011
www-data is added to all user's group so, whenever user upload or creates any file, then permissions will be 644 not 664
thats why www-data is not able to write to that file or folder.
User umask command for every user and set it like "umask 002" so every file created by user will have permission 664 and folders will have 775
Last edited by MikeTbob; 12-01-2011 at 12:07 PM. Reason: removed redirect
- 12-01-2011 #3
Apache, for the most part these days, has something like that built into the config file. Its commented out, and requires some tweaking, but perhaps it will do the job. If its not there, here's the code:
# Control access to UserDir directories. The following is an example # for a site where these directories are restricted to read-only. # #<Directory /home/*/public_html> # AllowOverride FileInfo AuthConfig Limit # Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec # <Limit GET POST OPTIONS> # Order allow,deny # Allow from all # </Limit> # <LimitExcept GET POST OPTIONS> # Order deny,allow # Deny from all # </LimitExcept> #</Directory>linux user # 503963