Scott wrote on Mon, Sep 23, 2002 at 07:35:12PM -0400 :
> 
> Most of the sites are ones that the user updates themselves.  When I 
> create an account for them I use the web space for their home directory so 
> when they log in they are right in the directory.  My questions are:
> 1) Is this cool or something lame I learned the wrong way?

Sounds good.

> 2) What do you set the web files to in order to protect them from wandering 
> eyes?  Most users just use something like CuteFTP and drop the files, but 
> if someone wanted to log into the box they could wander and read other web 
> sites' code.

Assuming that you use user apache and group apache to run the webserver:
  chmod -R 750 /usr/www
  chgrp -R apache /usr/www
  chmod g+s /usr/www
  chmod g+s /usr/www/*

But you better make damn sure that apache can read those files before
you consider yourself done.

What this does is make mode 750 for all files and directories under and
including /usr/www (750 is rwxr-x---).  Then make group apache be the
owner of all files and directories.  Then (this is the magic), set the
sgid bit of the directory /usr/www.  Since it's owned by group apache,
the sgid bit being set on the directory makes any file that is created
be owned by group apache (and of course, the user who created it).

Any new subdirectories created by the users will automatically have the
sgid bit set.  Unfortunately, it's not simple to automatically recurse
all the directories and set the sgid bit.  But a one-line bash command
will do it for you:
  ls -R | grep ":$" | sed 's#:$##' | awk '{print "\""$0"\""}' | xargs chmod g+s

Work through the logic and it will start to make sense.  The awk
statement is included for the sole purpose of putting quotes around the
name in case it contains spaces or funky characters.

Blue skies...                   Todd
-- 
| MandrakeSoft USA             | Security is like an onion.  It's      |
| http://www.mandrakesoft.com  | made up of several layers and makes   |
| http://www.mandrakelinux.com | you cry.              --Howard Chu    |
   Cooker Version mandrake-release-9.0-0.3mdk Kernel 2.4.19-12mdk

Attachment: msg57974/pgp00000.pgp
Description: PGP signature
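
Added example, not part of the original message: the same scheme (group ownership, mode 750, sgid on every directory) applied with find, which hands names to chmod as arguments so spaces, quotes and newlines need no quoting step, plus an audit that lists anything that drifts from it. The function names lockdown_webroot and audit_webroot are hypothetical; the web root and group are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original message).
# lockdown_webroot and audit_webroot are hypothetical helper names.

# Apply the scheme: group ownership, mode 750, setgid on every directory.
lockdown_webroot() {
    root=$1
    group=$2
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }

    # Group first, because changing ownership can clear the setgid bit.
    # Only regular files and directories are touched; symlinks are skipped.
    find "$root" \( -type d -o -type f \) -exec chgrp "$group" {} + || return 1

    # Directories: rwxr-s--- (750 plus setgid), so new files inherit the group.
    find "$root" -type d -exec chmod 2750 {} + || return 1

    # Files: rwxr-x---, the same 750 the message applies.
    find "$root" -type f -exec chmod 750 {} + || return 1
}

# Print every file or directory that breaks the scheme:
# wrong group, any permission for "other", or a directory without setgid.
# No output means the tree is clean.
audit_webroot() {
    find "$1" \( -type d -o -type f \) \( \
        ! -group "$2" \
        -o -perm -004 -o -perm -002 -o -perm -001 \
        -o \( -type d ! -perm -2000 \) \
    \) -print
}

# Run as: sh lockdown.sh /usr/www apache
if [ "$#" -eq 2 ]; then
    lockdown_webroot "$1" "$2" && audit_webroot "$1" "$2"
fi
```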
