[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: apache



Casey Boone wrote:
> i set the folder to at least 644 permissions for each folder down until the
> folder that was supposed to be the root for the virtual host
> 
> index.html file was also set 644

chmod 644 index.html ==> rw-r--r-- ==> u=rw,g=r,o=r

That's fine for files. For directories, you also need *execute* permissions.

So, on the folders, you should set permissions to 755.

chmod 755 public_html ==> rwxr-xr-x ==> u=rwx,g=rx,o=rx

Read permissions on a directory let you read the contents.
Execute permissions let you *traverse* the directory (i.e. into its
subdirectories).

And if you are talking about a user's home directory, you will need to have
the following permissions for the directories:

$ ls -ld /home /home/user /home/user/public_html
rwxr-xr-x 1 root sys  ... /home
rwxr-xr-x 1 user user ... /home/user
rwxr-xr-x 1 user user ... /home/user/public_html

The reason is that in order to *get to* /home/user/public_html, you must first
be able to traverse both /home and /home/user. If the web user runs as
'nobody' or 'web', then they are likely not in the sys or users groups.
Hence, the effective permissions of 'other' when traversing the filesystem
to get to your web pages.

So, if you think this compromises your home directory, then you will need
to reconfigure Apache to use a different 'root' directory for users that is
not their home directories. Some people don't like their home directories
being exposed for all to see what's inside. i.e. pr0n, mp3z, oggz, etc.

ObStarWars: http://atomfilms.shockwave.com/afassets/flash/gangsta.swf

Mike808/
-- 
perl -le "$_='7284254074:0930970:H4012816';tr[0->][ BOPEN!SMUT];print"

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.