/home layout and permissions
>>>>> Sven Joachim <svenjoac@gmx.de> writes:
>>>>> On 2011-09-24 08:21 +0200, Mark Panen wrote:
[A kind of follow-up to an old news:comp.unix.shell thread [1].]
[1] news:87pr9pzgjl.fsf_-_@violet.siamics.ipv6.uusia.org
From: Ivan Shmakov <oneingray@gmail.com>
Newsgroups: comp.unix.shell
Subject: non-FHS hierarchies: /var/home, /var/public, /var/public/storage
Date: Thu, 17 Sep 2009 23:23:26 +0700
(Somehow, Google Groups knows nothing about it.)
>> What is the out the box permissions for /home/* on Squeeze?
> 0755, adjust the DIR_MODE variable in /etc/adduser.conf if you like
> to change that.
My current preference is to have the following layout under
/home:
/home
|-- …
|-- private
|   |-- …
|   `-- users
|       `-- USERNAME — user's home directory (mode: 0700);
`-- public
    |-- …
    |-- users
    |   `-- USERNAME — user's public directory (0755);
    `-- storage
        |-- …
        `-- users
            `-- USERNAME — user's “storage” directory (0755.)
(As could be seen from the above, I no longer advocate the use
of a single filesystem for all the variable content; I now
prefer to use separate filesystems for /var and /home.)
In principle, the arrangement above could be extended with some
‘groups’ directories as well, though it seems to me that the
concurrent access may generally be error-prone.
For the “hardlinks” to work, it's advisable for /home/private/
and /home/public/ to share a single filesystem.
The storage/ hierarchy (residing on a separate filesystem) is
intended for the (typically larger) content of lower backup
priority. There, one could put, e. g., the copies of anything
readily available for download over Internet.
In a typical setup, the public/users/ directories will also be
accessible via HTTP (via Apache's mod_userdir; with UserDir set
to /home/public/users/.) If CGI is also desired, a
‘public_html’ link pointing to the respective public/users/
directory could be put into the user's home directory, in order
to satisfy the suexec(8)'s constraints. (FWIW, I prefer to have
an HTTP server installed on all the hosts, unless there's a very
good reason not to install it.)
--cut: /etc/apache2/sites-available/example --
<IfModule mod_userdir.c>
    UserDir /home/public/users
</IfModule>
<Directory /home/public/users>
    AllowOverride FileInfo Indexes AuthConfig Limit
    Options Indexes ExecCGI SymLinksIfOwnerMatch IncludesNoExec
</Directory>
--cut: /etc/apache2/sites-available/example --
It's also an option to have /home/public/ accessible via Rsync
just as well, but it should be noted that while a user can easily
control HTTP access by placing .htaccess files where necessary,
Rsync couldn't be controlled in such a way.
--cut: /etc/rsyncd.conf --
[public]
path = /home/public
comment = Public directory
--cut: /etc/rsyncd.conf --
--
FSF associate member #7257
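
The layout described in the message above, as an added example that is not part of the original post: shell functions that create the three per-user directories with the stated modes and audit them, including the shared-filesystem condition for hard links. The function names and the ROOT argument are hypothetical, and GNU coreutils stat(1) is assumed.

```shell
#!/bin/sh
# Added example: provision and audit the /home/private + /home/public layout.
# Pass /home as ROOT, or a scratch directory to try it out safely.
# Assumes GNU coreutils stat(1) with -c, as shipped on Debian.

# want_mode KIND -> mode the post gives for that kind of per-user directory
want_mode() {
    case "$1" in
        private) echo 700 ;;          # home directory: owner only
        public|storage) echo 755 ;;   # world-readable by design
        *) return 1 ;;
    esac
}

# user_dir ROOT KIND USER -> path of that user's directory in the layout
user_dir() {
    case "$2" in
        private) echo "$1/private/users/$3" ;;
        public)  echo "$1/public/users/$3" ;;
        storage) echo "$1/public/storage/users/$3" ;;
        *) return 1 ;;
    esac
}

# provision_user ROOT USER: create the three directories with explicit modes
provision_user() {
    for kind in private public storage; do
        d=$(user_dir "$1" "$kind" "$2"); m=$(want_mode "$kind")
        # -m avoids a window where a new home is created world-readable;
        # chmod also corrects a directory that already existed
        mkdir -p -m "$m" "$d" && chmod "$m" "$d" || return 1
    done
    # public_html link in the home directory, as the post suggests for suexec
    ln -sfn "$(user_dir "$1" public "$2")" "$(user_dir "$1" private "$2")/public_html"
}

# audit_user ROOT USER: print one line per deviation, return 1 if any found
audit_user() {
    bad=0
    for kind in private public storage; do
        d=$(user_dir "$1" "$kind" "$2")
        got=$(stat -c '%a' "$d" 2>/dev/null || echo missing)
        [ "$got" = "$(want_mode "$kind")" ] || { echo "MODE $d: $got"; bad=1; }
    done
    # hard links between private/ and public/ need a shared filesystem
    [ "$(stat -c '%d' "$1/private" 2>/dev/null)" = "$(stat -c '%d' "$1/public" 2>/dev/null)" ] \
        || { echo "FS $1/private and $1/public differ"; bad=1; }
    return "$bad"
}
```

Ownership is not changed here; when run as root for a real account, a chown of each directory to the user would follow the chmod.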