[ale] Multi-user web server permissions

[Jim Kinney]

NOT 707!!!

Remember the order is user, group, world. So 707 is read/write for
user and world!

Each users home dir should be set to 700. The files in each home dir,
and sub folders as well should be xx0.

If all the domain users are in the same group (eg. users) then
directory permissions of x7x will allow them to write as well as read
into a directory.. Folder perms of x5x will allow read but not write.

Some distro's (redhat and variants) have users in their own groups. So
user fred would have primary group fred. This forces shared groups to
be made explicitly and thus avoids a group write security issue.

To recap, the perm options are 1,2,4 for x,w,r. Add them to get the
number for chmod. So a user with rwx, group rx, and world x would be
751.

On Fri, May 1, 2009 at 7:11 AM, David M Lemcoe Jr. <forum at lemcoe.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello hello.
>
> I currently have a server with about 15 people that have domains on
> it. When playing around in SSH, I noticed that if I ssh as a user that
> was not in his own directory, I could change, edit, and view his files.
>
> What permissions do I need to set in order for other users not to be
> able to access others' files, but let Apache access them.
>
> It would make sense to first chown the directory, put all the web
> server users in a group, and chmod everything 707.
>
> Apparently this doesn't work.
>
> How would you all recommend I do this?
>
> Thank you!
>
> David
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkn62NYACgkQe0Ain3PYkIan1wCfWNnAI0e/1Z/ZNjVCsXmFX7Ob
> gfkAn2EzEKxTKaezblOyREwPyM5L8OhC
> =0srx
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>



-- 
-- 
James P. Kinney III
Actively in pursuit of Life, Liberty and Happiness