Re: apache, public_html, and security
>>"Paul" == Paul Miller <Paul@LuckyNumber.com> writes:
Paul> is there a way I can prevent users from looking at other user's
Paul> dirs and still have the public_html function of apache (v1.2.1)?
Not trivially. The http server process runs as user www-data
(for apache, boa runs as user nobody). In order for the apache server
to see the files in users directories, the files have to be readable
by www-data. Typically, that would mean world readable files.
However, www-data belongs to group www-data. This may help.
NOTE: This is untested.
Suppose you, as root, go in and
# cd /home
# chgrp -R www-data */public_html/
# chmod g+rxs */public_html/
Since the users are still the owners of the directory and the
files, they can still add/delete files.
Since the directories are g+s, any new files will inherit the
group (www-data) from the parent directory. (note: you may really
want to do a something like:
# for i in */public_html ; do
echo Working on $i
chgrp -R www-data $i
find $i -type d -exec chmod g+rxs {} \; -print
echo $i done
done
)
I hope this at least gives you a starting point.
manoj
--
"I have discovered the heart of bushido: to die!" Yamamoto Tsunetomo
Manoj Srivastava <url:mailto:srivasta@acm.org>
Mobile, Alabama USA <url:http://www.datasync.com/%7Esrivasta/>
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: