locked out of home directory??

Giles Orr gilesorr-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Oct 26 15:02:25 UTC 2007


On 10/25/07, Ian Petersen <ispeters-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> On 10/25/07, Zbigniew Koziol <softquake-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> > RTFM.
>
> That was unexpected.  Which of all the fine manuals are you suggesting I read?

I'm not sure what manual he was referring to (Apache's? there may be
an explanation there), but I do remember struggling through this issue
a few years ago so I'll give a slightly more verbose reply.

On a personal machine, having /home/user/ set to 755 (aka drwxr-xr-x)
is probably not an issue (although I prefer to have everything as
secure as possible so I go with 700).  On a family machine, 700 is
probably more desirable, but maybe not essential.  On a shared/public
machine, it's absolutely essential.  So ... while "chmod 755
/home/user/" solves your apache problem, there's a more private
solution if you prefer.  Apache has, over the years, run as various
different users.  I think initially it was "nobody," then "apache,"
and now on the machine I'm using it's "www-data."  It's not actually
important which user it is, but you might be interested: you can find
out by running "ps aux | less" and searching for the apache or apache2
process.  The most important thing about this is that the apache user
(whatever its name might be) is installed with minimal rights and
isn't a member of any groups except its own.  So how to let it have
access to "public_html" without opening up all your files to everyone?
"chmod 701 /home/user/" (or "chmod o+x /home/user/") and "chmod -R 755
/home/user/public_html/" (or "chmod -R go+rx /home/user/public_html/")
should fix things.  Eh?  What this does is mean that anyone can "cd"
to user's home directory - but they can't see a damn thing.  They can
"cd" into public_html where they have read and access rights, but they
still have no access to your personal files or directories.

If my explanation is unclear (or doesn't work!) scan down this page,
it has some explanation too:

http://www.acm.uiuc.edu/webmonkeys/html_workshop/unix.html

Hope this helps.

-- 
Giles
http://www.gilesorr.com/
gilesorr-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
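The 701 / 755 layout from the reply above, rebuilt under a throwaway directory so the effect on "other" (a user such as www-data that belongs to none of your groups) can be checked without touching a real home directory. This is an added example, not part of the original post; it assumes GNU stat (Linux) and uses a temp directory as a stand-in for "/".

```shell
#!/bin/sh
# Added example: check what "other" can reach in the post's suggested layout.
# Assumes GNU coreutils stat. The temp dir stands in for "/" in this demo.

# Last octal digit of a path's mode, i.e. the "other" permission bits.
other_mode() {
    m=$(stat -c '%a' "$1")
    echo "${m#${m%?}}"
}

# Succeed when every directory below $1 (exclusive) on the way to $2
# (exclusive) carries o+x, so "other" can cd/traverse down to $2.
other_can_traverse() {
    d=$(dirname "$2")
    while [ "$d" != "$1" ] && [ "$d" != "/" ]; do
        [ $(( $(other_mode "$d") & 1 )) -ne 0 ] || return 1
        d=$(dirname "$d")
    done
    return 0
}

# Succeed when "other" can read $2 (for a directory: list it):
# traversal down to it plus o+r on the object itself.
other_can_read() {
    other_can_traverse "$1" "$2" && [ $(( $(other_mode "$2") & 4 )) -ne 0 ]
}

ROOT=$(mktemp -d)                       # constructed stand-in for "/"
trap 'rm -rf "$ROOT"' EXIT
HOME_DIR=$ROOT/home/user
mkdir -p "$HOME_DIR/public_html" "$HOME_DIR/private"
echo '<h1>hello</h1>' > "$HOME_DIR/public_html/index.html"
echo 'keep out'       > "$HOME_DIR/private/notes.txt"
chmod 755 "$ROOT/home"
chmod 701 "$HOME_DIR"                   # cd in allowed, listing denied
chmod -R 755 "$HOME_DIR/public_html"    # what Apache serves
chmod 644 "$HOME_DIR/public_html/index.html"
chmod 700 "$HOME_DIR/private"           # untouched personal files
chmod 600 "$HOME_DIR/private/notes.txt"

verdict() {
    if other_can_read "$ROOT" "$1"; then echo "other CAN read    $1"
    else                                 echo "other cannot read $1"; fi
}
verdict "$HOME_DIR"                          # cannot: no listing of home
verdict "$HOME_DIR/public_html/index.html"   # can: served by Apache
verdict "$HOME_DIR/private/notes.txt"        # cannot: private stays private
```

Running it as root still reports the mode bits honestly, since the checks read the mode rather than attempting the access.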