VxJasonxV
02-19-2004, 05:16 PM
So I've been toying with Apache 2 on my local Fedora Core 1 box, and I realized something I did.
Any of you who know me know that I am a(n):
1) Standards whore.
2) Updates whore.
3) 'Good policy' practice whore.
So, I'm doing Name Based Virtual hosting, and have two accounts (plus a nameserver) set up.
I realized a few days ago that I set it up so that any account could access anyone's http directory.
As it currently stands, my structure is:
home
|--- user1
|--- httpd
|xxx |------ user1
|xxx |------ user2
|xxx |------ user3
|--- user2
|--- user3
originally, everything /home/httpd/* was 755, I believe. Regardless, any user could access each other's files. That's not good.
So, what I did was, I set 750 on all httpd's child directories, and then 1`chgrp`'ed them all to apache. This way, the owner had full, apache could read and execute, and everyone else could do NOTHING.
Would that be a good way of doing it?
Part 2
Initially, I attempted to just add a 'public_html' folder to each user's home directory. But when I tried to view the website, all I got were 403's (go figure). After realizing the problem was that apache couldn't get past the user's home directory, that's when I came up with the /home/httpd/* idea.
So, after I get this working, I'm going to change it, so users CAN work out of their home directory.
Should I do the same thing? Set the user's home directory to 750, owned by user#, group owned by apache?
Any of you who know me know that I am a(n):
1) Standards whore.
2) Updates whore.
3) 'Good policy' practice whore.
So, I'm doing Name Based Virtual hosting, and have two accounts (plus a nameserver) set up.
I realized a few days ago that I set it up so that any account could access anyone's http directory.
As it currently stands, my structure is:
home
|--- user1
|--- httpd
|xxx |------ user1
|xxx |------ user2
|xxx |------ user3
|--- user2
|--- user3
originally, everything /home/httpd/* was 755, I believe. Regardless, any user could access each other's files. That's not good.
So, what I did was, I set 750 on all httpd's child directories, and then 1`chgrp`'ed them all to apache. This way, the owner had full, apache could read and execute, and everyone else could do NOTHING.
Would that be a good way of doing it?
Part 2
Initially, I attempted to just add a 'public_html' folder to each user's home directory. But when I tried to view the website, all I got were 403's (go figure). After realizing the problem was that apache couldn't get past the user's home directory, that's when I came up with the /home/httpd/* idea.
So, after I get this working, I'm going to change it, so users CAN work out of their home directory.
Should I do the same thing? Set the user's home directory to 750, owned by user#, group owned by apache?