Results 1 to 6 of 6
  1. #1
    Join Date
    May 2001
    Location
    Montreal, Quebec
    Posts
    589

    Apache and permissions

    Hi,
    I have a dedicated server with redhat 7.3 and apache.

    Let say I have a user with his home directory in "/home/user1" and his website in "/home/user1/www". To host a domain for his user, I create a VirtualHost with the DocumentRoot pointing to "/home/user1/www" and I need to chmod the "www" directory to 755. But Apache needs to have read permission to all the directories before the "www" directory to be able to serve thoses files but if I "chmod -R 755 /home/user1", all other users are able to read from this user's home directory.

    What do you guys do to get around this ?

    Also, if this user wants to create a PHP script that writes a file to his home directory, it would get a permission denied error since the user "apache" doesn't have write access to his home directory.

    Thanks for your help.

  2. #2
    Join Date
    Sep 2001
    Location
    Madras
    Posts
    738
    You dont 755.

    Just cd /home as root

    chown user1 user1

    As far as possible keep /home as 711 and individual userdirs as 711
    Offering Managed Servers - for an exclusive clientèle who value uptime, caring support and superior technology.

  3. #3
    or for better security (unless you really want to have a+w on the file that is write open for all users on your system) you can use some cgiwrap (not good from security point ov view) or suexec - I am not quite sure if it's easy to setup for php, but you can check out apache.org for documentation.

  4. #4
    Join Date
    May 2001
    Location
    Montreal, Quebec
    Posts
    589
    OK, thanks. That is what I was looking for.

    For PHP, I found that I have to use suexec but I have to run my php scripts as CGI.

    On my shared account at VO, I can write a file to my home directory via a php script (not in CGI mode). Does that mean that apache has the right to write to my home directory ? If so, does that mean that other users can also write to my home directory via a php script ?

    Thanks for your help.

  5. #5
    Join Date
    Feb 2002
    Posts
    956
    yes
    This forum officially ****ing sucks

  6. #6
    you should check out directory permissions... by the way, also check who owns the newly created file (your userid or apache webserver)!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •