1

I'm in the process of setting up a server from a clean CentOS 5 install. What is the best permission structure (users, groups, Unix permissions) for running a single instance of Apache for multiple users? Ideally, it should satisfy these requirements:

  • Each user's websites are stored in a subdirectory of their home directory. Users can edit files and permissions.
  • Apache can read the websites of all users.
  • No user can read the website files of other users.

Bonus question: how to add PHP and/or Perl and/or Ruby to Apache without allowing any users to access any other user's files?

1 Answer

4

That's what I did:

  1. chown user_name:www-data website_dir
  2. chmod g+s website_dir # this makes new files/directories in that catalog owned by www-data user (standard Debian webserver user)
  3. Then any user-created file that's group-readable can be accessed by the webserver, and the user can do chmod g+w if they want a directory/file to also be writable by the webserver (like configs/uploads, etc.)

The downside of that is that user www-data runs all the scripts, so a user can get another user's data using php/ruby/perl/whatever is run on the webserver.

The next step would be using something like mod_suphp or mod_suexec to run user scripts with the privileges of that user.

2
  • What group memberships does each user have? Is the user a member of www-data? Wouldn't they be able to read another user's website_dir? Commented Jan 16, 2011 at 0:41
  • No, you would not make the user members of the www-data group. Commented Jan 16, 2011 at 3:47
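
An added example, not part of the answer or comments above: a POSIX shell audit of the layout the answer describes (site directory group-owned by the web server group, setgid set, no access for "other"), plus the group-membership check raised in the comments. The function names are made up for this example, GNU `stat` is assumed, and the web server group is passed in as an argument (`www-data` in the answer).

```shell
#!/bin/sh
# Added example: audit a per-user website directory against the
# "chown user:webgroup + chmod g+s" layout. Function names are hypothetical.

# user_in_group USER GROUP: succeeds if USER is a member of GROUP.
# Site owners should NOT be members of the web server group, otherwise
# they can read every other site that grants access to that group.
user_in_group() {
    for uig_g in $(id -Gn "$1" 2>/dev/null); do
        if [ "$uig_g" = "$2" ]; then return 0; fi
    done
    return 1
}

# audit_site_dir DIR WEB_GROUP: prints one line per finding and
# returns the number of findings (0 means the directory is laid out as intended).
audit_site_dir() {
    asd_dir=$1; asd_web=$2; asd_n=0
    # GNU stat: %a = octal mode including the setuid/setgid/sticky digit
    asd_mode=$(stat -c '%a' "$asd_dir") || return 99
    asd_group=$(stat -c '%G' "$asd_dir")
    asd_m=$((0$asd_mode))          # leading 0 makes the shell read it as octal

    if [ "$asd_group" != "$asd_web" ]; then
        echo "$asd_dir: group is $asd_group, expected $asd_web"
        asd_n=$((asd_n + 1))
    fi
    if [ $((asd_m & 02000)) -eq 0 ]; then
        echo "$asd_dir: setgid missing, new files will not inherit group $asd_web"
        asd_n=$((asd_n + 1))
    fi
    if [ $((asd_m & 0050)) -ne 40 ]; then   # 0050 octal = group r-x
        echo "$asd_dir: group lacks r-x, the web server cannot read the site"
        asd_n=$((asd_n + 1))
    fi
    if [ $((asd_m & 0007)) -ne 0 ]; then
        echo "$asd_dir: 'other' has access (mode $asd_mode), other users can get in"
        asd_n=$((asd_n + 1))
    fi
    return "$asd_n"
}
```

Source the file and call `audit_site_dir /home/alice/website_dir www-data` for each site (path constructed for illustration); pair it with `user_in_group alice www-data`, which should fail for every site owner.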
