[peruser] publishing users home directory with 700 acces

Sean Gabriel Heacock gabriel at telana.com
Mon Jul 4 23:54:18 MDT 2005


On Mon, 2005-07-04 at 21:26 -0400, Alvaro Torres F. wrote:
> Hello I don´t know if this is the right plase to ask this question.

Well this list is for the peruser module for apache2, so if you're not
running that then this is probably more of a general apache question.

> I´ve a server with 50 users and I want to protect the home directory
> of every user chmoding to 700 everyone, then nobody  can acces to a
> home directory of another user.

With vanilla apache, the web server would be running as "apache" or
"www" or some such user, and the directories would have to be accessible
by that user.  A permission of 711 might work, that would give all users
the ability to enter the directory, but not to read its contents.
Apache is usually going to be requesting specific files, so it's fine
with that, but any other users would get "permission denied" if they
tried to "ls" in someone else's directory.  It's not optimal, but it's
better than 755.  It's exactly this kind of situation that prompted me
to work on this peruser project.

With peruser, even if you didn't use the chroot feature, the home
directory could be owned by the user and set to the mode 700.  Apache
would be able to access it because it would be running as that user when
serving those files.  But, it's still very much in development and
really not suited for production use yet.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/




More information about the Peruser mailing list