[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Permissions to allow public_html and nothing else



On Tue, Nov 02, 1999 at 02:18:40AM +0100, Anthony E. Greene wrote:
> Peter Kiem wrote:
> > >Other users can still see the directory information for files in the $HOME
> > >directory if they already know the filename. I created a directory for my
> > >users that has permissions drwx------ so that only the owner can see the
> > >files.
> > 
> > Well I tried that and Apache then cannot serve the public_html directory as
> > the user "nobody" doesn't have any access to $HOME.  You get nothing but
> > "403 Access Forbidden" with those permissions 8(
> > 
> > I thought the bare minimum permission for $HOME would be --x for "others"
> > cause they cannot read or write to that dir, but like you say they can
> > pass-through if they know the name, and hence get to the public_html dir and
> > nothing else.
> 
> The 700 permission I described is not for public
> _html, but for the other directory that I created to protect user file.
> public_html must have at least 701 permission, as noted in the original
> post.

I am currently in a similar situation. Apache requires that the user's
home directory be world executable and the public_html directory be
world readable. In my application, however, this is unacceptable,
since the user may have private files in his public_html directory
that are protected by a .htaccess file. Its not very useful to protect
them with a .htaccess file if any other user on the system can browse
through them with a chdir.

Historically we solved this by writing our own apache module that
su:ed to 'user' whenever any file under in ~user/public_html was
accessed. This, however, is a pain to support (since we now want to
upgrade apache).

I've looked at mod_suexec, but it only works for SSIs and CGIs. Does
anyone know of another solution, or are there ways to configure
mod_suexec to do this?

Thanks,
Rob



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]