Hi,
I have a dedicated server with redhat 7.3 and apache.

Let say I have a user with his home directory in "/home/user1" and his website in "/home/user1/www". To host a domain for his user, I create a VirtualHost with the DocumentRoot pointing to "/home/user1/www" and I need to chmod the "www" directory to 755. But Apache needs to have read permission to all the directories before the "www" directory to be able to serve thoses files but if I "chmod -R 755 /home/user1", all other users are able to read from this user's home directory.

What do you guys do to get around this ?

Also, if this user wants to create a PHP script that writes a file to his home directory, it would get a permission denied error since the user "apache" doesn't have write access to his home directory.

Thanks for your help.

You dont 755.

Just cd /home as root

chown user1 user1

As far as possible keep /home as 711 and individual userdirs as 711

or for better security (unless you really want to have a+w on the file that is write open for all users on your system) you can use some cgiwrap (not good from security point ov view) or suexec - I am not quite sure if it's easy to setup for php, but you can check out apache.org for documentation.

OK, thanks. That is what I was looking for.

For PHP, I found that I have to use suexec but I have to run my php scripts as CGI.

On my shared account at VO, I can write a file to my home directory via a php script (not in CGI mode). Does that mean that apache has the right to write to my home directory ? If so, does that mean that other users can also write to my home directory via a php script ?

Thanks for your help.

yes

you should check out directory permissions... by the way, also check who owns the newly created file (your userid or apache webserver)!