Hello, I'm using apache 2.2 on Ubuntu 7.10 setting up name-based virtual hosting . The apache servers servicing requests run as www-data. The idea is to allow users to make their own websites under their home directories, and for the admin to symlink the users' DocumentRoot directories below main DocumentRoot directory, and have the apache configuration file with <VirtualHost> sections direct the http requests appropriately. I got this to work correctly, but I had to set the 'other' execution bit for directories that lead to the users symlinked directory. This means that users will have execute permissions on each others' directories, but I want to keep the users strictly separated from each other.... I think the FAQ suggests this, if I'm not mistaken, but I think there is a security issue here. In the Ubuntu case, the apache servers run as the user www-data, so I made the www-data user a member of a particular user group... and since each user's directories can have group execute permissions without giving any permissions to other groups www-data should have execute permissions under that particular directory.... but that didn't work. Also, if I can get this to work, I'll have a quick way to enable/disable user's websites. Is there a way of keeping users strictly separated (no permissions between users) and allowing the users' DocumentRoot directories to be symlinked under the main DocumentRoot directory? Richard --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|