Find the answer to your Linux question:
Results 1 to 3 of 3
Hello, I have Ubuntu Server Edition 11.10: I am trying to setup a server that my friends and I can use to host our various websites. I have Apache and ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Mar 2011
    Posts
    5

    private home directories accessible by Apache and PHP


    Hello,

    I have Ubuntu Server Edition 11.10:

    I am trying to setup a server that my friends and I can use to host our various websites. I have Apache and vsFTP setup to work with a bunch of home directories as the DocumentRoot directories for a respective bunch of websites. Each user can access his/her website via FTP.

    Unfortunately there's a bit of a security problem. In order for Apache not to give me a file permission error I have to set the permissions for the entire /home/ directory to 777. Users can't access each other's home directories via FTP because the file root is the home directory. If, on the other hand, one user logged into my server with a remote shell client then he/she could totally destroy the other users' websites.

    A failed solution: I tried to get around this by setting the permission on all home directories to 774. Apache couldn't serve the directories anymore. I then added the user www-data to the groups of all of my other users. I gave each user and it's associated group ownership of it's home directory. Apache still gave me the permission error even though www-data had read/write/execute permission for the files in question.

    Any ideas?

    Thanks,

  2. #2
    Banned
    Join Date
    Nov 2011
    Location
    India
    Posts
    29
    www-data is added to all user's group so, whenever user upload or creates any file, then permissions will be 644 not 664

    thats why www-data is not able to write to that file or folder.

    User umask command for every user and set it like "umask 002" so every file created by user will have permission 664 and folders will have 775


    Thanks,
    Manoj
    Last edited by MikeTbob; 12-01-2011 at 11:07 AM. Reason: removed redirect

  3. #3
    Linux Enthusiast scathefire's Avatar
    Join Date
    Jan 2010
    Location
    Western Kentucky
    Posts
    626
    Apache, for the most part these days, has something like that built into the config file. Its commented out, and requires some tweaking, but perhaps it will do the job. If its not there, here's the code:
    Code:
    # Control access to UserDir directories.  The following is an example
    # for a site where these directories are restricted to read-only.
    #
    #<Directory /home/*/public_html>
    #    AllowOverride FileInfo AuthConfig Limit
    #    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    #    <Limit GET POST OPTIONS>
    #        Order allow,deny
    #        Allow from all
    #    </Limit>
    #    <LimitExcept GET POST OPTIONS>
    #        Order deny,allow
    #        Deny from all
    #    </LimitExcept>
    #</Directory>
    In order for apache to serve content, it must have at least read access. So check the ownership before you go giving everything full permission. World readable should be more than adequate.
    linux user # 503963

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •