Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: User /home and public_html

  1. #1
    Join Date
    Jan 2006
    Location
    NY, USA
    Beans
    147
    Distro
    Kubuntu 11.10 Oneiric Ocelot

    User /home and public_html

    Greetings. I am trying to figure out the best way to protect users from other users while allowing public_html access.

    I have /home owned by the admin and group set to "users" where each user is a member of "users" and so is "www-data".

    Each of the users /home/username is owned by user and group is set to user.
    Each of the users /home/username/public_html is owned by user and group is public_html.

    I am not sure if this is good or not. Can someone please tell me what is best/safest so my users cannot mess with each others stuff, but the public_html folders work as intended.


    Thanks,
    Mike

  2. #2
    Join Date
    Nov 2006
    Location
    40.31996,-80.607213
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: User /home and public_html

    Hrm, let's see here.

    Users Home Folders should be set to rwx-rwx- ( 770 ) and owned by user:user
    The public_html directory should probably be set to rwx-r-x- ( 750 ) and owned by user:www-data

    That would prevent others who do not own the directory, and are not in the group to read, write or execute files, and on the pubilc_html directory, the group www-data would be able to read and execute.

    Dr Small
    "Security lies within the user of who runs the system. Think smart, live safe." - Dr Small
    Linux User #441960 | Wiki: DrSmall

  3. #3
    Join Date
    Jan 2006
    Location
    NY, USA
    Beans
    147
    Distro
    Kubuntu 11.10 Oneiric Ocelot

    Re: User /home and public_html

    Thanks for the reply.

    Currenlty I have

    /home is chown admin:users chmod 740
    drwxr-x--- 29 admin users 4096 2008-04-21 09:02 home

    /home/username is chown username:username chmod 770
    drwxrwx--- 33 username username 4096 2008-04-24 10:55 username

    /home/username/public_html chown username:www-data chmod 740 (r-x)
    drwxr-x--- 7 username www-data 4096 2008-04-24 10:02 public_html

    www-data is a member of the "users" group.


    I cannot web to www.server.com/~user , getting 403 Forbidden error.

    I am thinking it must be something with /home itself. Doe the web server need read access to /home ? What am I missing?

    Thank again,
    Mike

  4. #4
    Join Date
    Nov 2006
    Location
    40.31996,-80.607213
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: User /home and public_html

    The public_html directory needs Executable Permissions for the group.

    740 (rwx-r----)
    750 (rwx-r-x--)
    "Security lies within the user of who runs the system. Think smart, live safe." - Dr Small
    Linux User #441960 | Wiki: DrSmall

  5. #5
    Join Date
    Jan 2006
    Location
    NY, USA
    Beans
    147
    Distro
    Kubuntu 11.10 Oneiric Ocelot

    Re: User /home and public_html

    My bad, I have it set to that, just used the wrong numbers. Still does not work.

    drwxr-x--- 7 username www-data 4096 2008-04-24 10:02 public_html


    --
    Mike

  6. #6
    Join Date
    Nov 2006
    Location
    40.31996,-80.607213
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: User /home and public_html

    Is there any files in this directory, that may perhaps have the wrong permission, like an index file?
    "Security lies within the user of who runs the system. Think smart, live safe." - Dr Small
    Linux User #441960 | Wiki: DrSmall

  7. #7
    Join Date
    Feb 2005
    Location
    Sweden
    Beans
    10
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: User /home and public_html

    You also need to set /home/user to have www-data (or users as you put www-data in that group) as it's group, and grant it execute permission (on directories means access to subdirectories and files). Otherwise the web server won't have access to any in that user's directory.

    Code:
    sudo chmod 710 /home/user
    sudo chgrp www-data /home/user

  8. #8
    Join Date
    Jan 2006
    Location
    NY, USA
    Beans
    147
    Distro
    Kubuntu 11.10 Oneiric Ocelot

    Re: User /home and public_html

    Thanks again. Sorry to report, no change.

    On the server, I su www-data and was able to

    cd /home/user/public_html
    more index.html

    just fine, but still get 403 error from browser. Very strange.

    I checked to see if apache2 was configured to allow userdir's and it is.

    I just tried a test. I have a user called test. Here is what I did...

    sudo su
    cd
    chmod o+r /home
    chmod -R 777 /home/test // figured this *should* allow to www

    Still cannot view ~test/index.html in web browser

    Mike
    Last edited by knichel; April 25th, 2008 at 11:40 AM.

  9. #9
    Join Date
    Feb 2005
    Location
    Sweden
    Beans
    10
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: User /home and public_html

    Do you get any error messages in the Apache error log? Error messages are logged to /var/log/apache2/error.log

  10. #10
    Join Date
    Jan 2006
    Location
    NY, USA
    Beans
    147
    Distro
    Kubuntu 11.10 Oneiric Ocelot

    Re: User /home and public_html

    Thanks for the help. Got it fixed.

    Mike

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •