You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Joshua Slive <js...@gmail.com> on 2005/05/01 04:13:39 UTC
Re: [users@httpd] vhosts, /home/*/public_html and perms - question
On 4/30/05, Corey <co...@qwest.net> wrote:
>
> Hello!
>
> I'm trying to understand how to keep user's home directory permisions tight,
> while still allowing apache to access their respective public_html UserDir's,
> but have become somewhat stuck.
>
> At the moment I cannot seem to get apache to be able to read the UserDir's
> without chmod'ing 755.... I want /home/<user> to be 750.
>
> I thought the SuexecUserGroup directive in the VirtualHost's would acheive
> this, but apparently I'm wrong.
Suexec affects only CGI scripts, not normal request processing.
Apache must be able to read all the files it is going to serve using
the User/Group specified in httpd.conf. In general, this means giving
at least global search permission (+x) to the /home/user directories,
although you could get away with group search permissions if you make
all the home directories owned by a group that the apache User/Group
belongs to.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] vhosts, /home/*/public_html and perms - question
Posted by Corey <co...@qwest.net>.
On Saturday 30 April 2005 07:13 pm, Joshua Slive wrote:
> On 4/30/05, Corey <co...@qwest.net> wrote:
<snip>
> > At the moment I cannot seem to get apache to be able to read the
> > UserDir's without chmod'ing 755.... I want /home/<user> to be 750.
> >
<snip>
> Suexec affects only CGI scripts, not normal request processing.
>
> Apache must be able to read all the files it is going to serve using
> the User/Group specified in httpd.conf. In general, this means giving
> at least global search permission (+x) to the /home/user directories,
> although you could get away with group search permissions if you make
> all the home directories owned by a group that the apache User/Group
> belongs to.
>
Ok, that makes sense.
I got a handle on this now, many thanks!
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org