  1. #1

    User perms and virtual hosts under linux/apache

    Hi, I'm a newb to hosting but not to Linux/Apache. But I have a very newbie permissions question regarding Apache virtual hosts controlled by various user accounts -- namely, what set of user perms do I set up so that APACHE can read and execute users' websites, but that OTHER USERS can't see other people's stuff.

    I'm suffering serious brainfart on this.

    For example: my Apache process runs as 'nobody'. So if I have a user frank, and frank wants to run a website, and frank doesn't want any other users to have access to his stuff, what's the best way of setting that up?

    I suppose I could stick his htmlroot in his homedir, and give him his very own Apache instance that runs as 'frank/frank', but that creates a big mess for me, the system admin. Not very scalable. And I'd probably have to have it listen on a nonstandard port (cuz I've already got an Apache listening on port 80) and make a reverse proxy to fwd to the nonstandard port, and I am WAY too lazy for that. :-)

    My only other idea is to set read and execute perms for group 'nobody' on frank's homedir, and stick frank's htmlroot in there. I'm assuming that would give Apache the perms that it needs to serve the site, while at the same time preserving poor little frank's privacy, so long as no one gets group 'nobody'...

    Anyways, I'm wondering how do 'real' Linux webhosts do it?

    I don't have webmin, usermin, plesk, cpanel, whatever. It's all command line, baby.

    Any advice much appreciated!

  2. #2
    You can create a group called "webusers" and put the user "nobody" in the "webusers" group.

    Then have all of your web users' root directories (/usr/local/apache/users/joe) set up with the following permissions (chmod 750):

    drwxr-x--- joe webusers /usr/local/apache/users/joe
    drwxr-x--- jim webusers /usr/local/apache/users/jim
    drwxr-x--- tim webusers /usr/local/apache/users/tim
    drwxr-x--- jen webusers /usr/local/apache/users/jen

    Make sure you chown root:wheel /usr/local/apache/users and chmod 755 (or 555) /usr/local/apache/users

    Now, for the users, this allows only Apache to go inside their directories. Once inside their root directory, though, it doesn't matter who the files are owned by for Apache to read them, just as long as they are world readable (chmod 755, 705, 704, etc.).

    I hope this makes some sense.
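
An audit of the layout described in the reply above, as an added example that is not part of the original thread: it checks that the parent directory is 755 or 555, that each user directory is mode 750 with the shared web group, and that everything inside is world readable so Apache can serve it. The function name `audit_webroots` and the finding labels are hypothetical, and GNU `stat` and `find` (Linux) are assumed.

```shell
#!/bin/sh
# Added example: audit per-user web roots against the 750 + shared-group layout.
# Assumes GNU stat/find. Run it as root so every directory can be inspected.

# audit_webroots USERS_ROOT WEB_GROUP
# Prints one line per finding. Exit status: 0 clean, 1 findings, 2 bad root.
audit_webroots() (
    root=$1 group=$2 rc=0

    # The parent must let everyone traverse it but only its owner write to it.
    mode=$(stat -c '%a' "$root") || exit 2
    case $mode in
        755|555) ;;
        *) echo "PARENT $root mode=$mode (expected 755 or 555)"; rc=1 ;;
    esac

    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}

        # 750: owner full, web group may enter and list, other users locked out.
        mode=$(stat -c '%a' "$dir")
        [ "$mode" = 750 ] || { echo "MODE $dir mode=$mode (expected 750)"; rc=1; }

        # The group must be the one the Apache user belongs to.
        grp=$(stat -c '%G' "$dir")
        [ "$grp" = "$group" ] || { echo "GROUP $dir group=$grp (expected $group)"; rc=1; }

        # Below the top level Apache is matched as "other" (files keep the
        # user's own group), so files need o+r and subdirectories o+rx.
        bad=$(find "$dir" -mindepth 1 \( -type f ! -perm -o=r -o -type d ! -perm -o=rx \) -print)
        if [ -n "$bad" ]; then
            echo "$bad" | sed 's/^/UNREADABLE /'
            rc=1
        fi
    done
    exit "$rc"
)

# Stand-alone use: sh audit.sh /usr/local/apache/users webusers
if [ "$#" -eq 2 ]; then audit_webroots "$1" "$2"; fi
```

A MODE finding with a looser mode such as 755 means other local users can enter that site's directory; an UNREADABLE finding means Apache will be refused access to that path.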
