Find the answer to your Linux question:
Results 1 to 3 of 3
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    private home directories accessible by Apache and PHP


    I have Ubuntu Server Edition 11.10:

    I am trying to setup a server that my friends and I can use to host our various websites. I have Apache and vsFTP setup to work with a bunch of home directories as the DocumentRoot directories for a respective bunch of websites. Each user can access his/her website via FTP.

    Unfortunately there's a bit of a security problem. In order for Apache not to give me a file permission error I have to set the permissions for the entire /home/ directory to 777. Users can't access each other's home directories via FTP because the file root is the home directory. If, on the other hand, one user logged into my server with a remote shell client then he/she could totally destroy the other users' websites.

    A failed solution: I tried to get around this by setting the permission on all home directories to 774. Apache couldn't serve the directories anymore. I then added the user www-data to the groups of all of my other users. I gave each user and it's associated group ownership of it's home directory. Apache still gave me the permission error even though www-data had read/write/execute permission for the files in question.

    Any ideas?


  2. #2
    Join Date
    Nov 2011
    www-data is added to all user's group so, whenever user upload or creates any file, then permissions will be 644 not 664

    thats why www-data is not able to write to that file or folder.

    User umask command for every user and set it like "umask 002" so every file created by user will have permission 664 and folders will have 775

    Last edited by MikeTbob; 12-01-2011 at 12:07 PM. Reason: removed redirect

  3. #3
    Linux Enthusiast scathefire's Avatar
    Join Date
    Jan 2010
    Western Kentucky
    Apache, for the most part these days, has something like that built into the config file. Its commented out, and requires some tweaking, but perhaps it will do the job. If its not there, here's the code:
    # Control access to UserDir directories.  The following is an example
    # for a site where these directories are restricted to read-only.
    #<Directory /home/*/public_html>
    #    AllowOverride FileInfo AuthConfig Limit
    #    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    #    <Limit GET POST OPTIONS>
    #        Order allow,deny
    #        Allow from all
    #    </Limit>
    #    <LimitExcept GET POST OPTIONS>
    #        Order deny,allow
    #        Deny from all
    #    </LimitExcept>
    In order for apache to serve content, it must have at least read access. So check the ownership before you go giving everything full permission. World readable should be more than adequate.
    linux user # 503963

  4. $spacer_open

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts