[ale] Multi-user web server permissions

Jeff Lightner jlightner at water.com
Fri May 1 08:08:30 EDT 2009


Also make sure you pay attention to the parent directory of these home
directories (typically /home).

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Jim
Kinney
Sent: Friday, May 01, 2009 7:31 AM
To: Atlanta Linux Enthusiasts - Yes! We run Linux!
Subject: Re: [ale] Multi-user web server permissions

NOT 707!!!

Remember the order is user, group, world. So 707 is read/write for
user and world!

Each user's home dir should be set to 700. The files in each home dir,
and subfolders as well, should be xx0.

If all the domain users are in the same group (e.g. users) then
directory permissions of x7x will allow them to write as well as read
into a directory. Folder perms of x5x will allow read but not write.

Some distros (Red Hat and variants) have users in their own groups. So
user fred would have primary group fred. This forces shared groups to
be made explicitly and thus avoids a group write security issue.

To recap, the perm options are 1,2,4 for x,w,r. Add them to get the
number for chmod. So a user with rwx, group rx, and world x would be
751.

On Fri, May 1, 2009 at 7:11 AM, David M Lemcoe Jr. <forum at lemcoe.com>
wrote:
> Hello hello.
>
> I currently have a server with about 15 people that have domains on
> it. When playing around in SSH, I noticed that if I ssh as a user that
> was not in his own directory, I could change, edit, and view his files.
>
> What permissions do I need to set in order for other users not to be
> able to access others' files, but let Apache access them?
>
> It would make sense to first chown the directory, put all the web
> server users in a group, and chmod everything 707.
>
> Apparently this doesn't work.
>
> How would you all recommend I do this?
>
> Thank you!
>
> David
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>



-- 
James P. Kinney III
Actively in pursuit of Life, Liberty and Happiness
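An added example, not part of the original thread: a shell audit that applies the rules discussed above (home directories at 700, no world bits on anything beneath them, and a look at the parent directory) together with the octal arithmetic from the recap. It assumes GNU stat and find as shipped on Linux; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat and find.

# rwxr-x--x -> 751: r=4, w=2, x=1, summed per user/group/world triplet.
sym_to_octal() {
    sym=$1 out=""
    case $sym in ?????????) ;; *) return 1 ;; esac   # must be 9 characters
    while [ -n "$sym" ]; do
        rest=${sym#???}; trip=${sym%"$rest"}; n=0
        case $trip in r??) n=$((n + 4)) ;; esac
        case $trip in ?w?) n=$((n + 2)) ;; esac
        case $trip in ??x) n=$((n + 1)) ;; esac
        out=$out$n; sym=$rest
    done
    echo "$out"
}

# audit_homes PARENT: report the parent's mode for review, every home
# directory that is not 700, and every entry below a home whose last octal
# digit is non-zero (any world bit set). Symlinks are skipped.
audit_homes() {
    parent=$1
    echo "PARENT $(stat -c %a "$parent") $parent"
    for home in "$parent"/*/; do
        home=${home%/}
        [ -d "$home" ] || continue
        mode=$(stat -c %a "$home")
        [ "$mode" = 700 ] || echo "HOME_NOT_700 $mode $home"
        find "$home" -mindepth 1 ! -type l -perm /007 \
            -exec stat -c 'WORLD_BITS %a %n' {} +
    done
}

# Constructed sample: alice follows the advice, bob uses 707 and 606.
make_sample_tree() {
    mkdir -p "$1/alice/site" "$1/bob"
    echo hi > "$1/alice/site/index.html"; echo hi > "$1/bob/index.html"
    chmod 640 "$1/alice/site/index.html"; chmod 750 "$1/alice/site"
    chmod 606 "$1/bob/index.html"
    chmod 700 "$1/alice"; chmod 707 "$1/bob"
}

# Demo run on the constructed tree.
tmp=$(mktemp -d) && make_sample_tree "$tmp" && audit_homes "$tmp"; rm -rf "$tmp"
```

On the sample tree only bob's home and bob's index.html are flagged; alice's 700/750/640 layout produces no findings.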