Thanks for the response. I set up a directory under the main DocumentRoot called test drwxr-xr-x 2 rgeddes rgeddes 80 2008-02-18 15:18 test and it appeared in a directory listing in the webpage of my main DocumentRoot. Changed permissions as follows: drwxr-x--- 2 rgeddes rgeddes 80 2008-02-18 15:18 test and test disappears from the webpage (this makes sense) changed group as follows: drwxr-x--- 2 rgeddes www-data 80 2008-02-18 15:18 test and test appears in the webpage (this makes sense) as the servers are running as www-data. Now if I change the group back to: drwxr-x--- 2 rgeddes rgeddes 80 2008-02-18 15:18 test and I add www-data to the rgeddes group in /etc/group, the directory fails to show up. This does not make sense to me as www-data is part of the rgeddes group and rgeddes has r-x permissions. Is there a reason why www-data is not being granted rgeddes group permissions? Thanks Richard Joshua Slive wrote: On Mon, Feb 25, 2008 at 12:59 AM, Richard Geddes <rich.geddes@xxxxxxxxxxx> wrote:Hello, I'm using apache 2.2 on Ubuntu 7.10 setting up name-based virtual hosting . The apache servers servicing requests run as www-data. The idea is to allow users to make their own websites under their home directories, and for the admin to symlink the users' DocumentRoot directories below main DocumentRoot directory, and have the apache configuration file with <VirtualHost> sections direct the http requests appropriately. I got this to work correctly, but I had to set the 'other' execution bit for directories that lead to the users symlinked directory. This means that users will have execute permissions on each others' directories, but I want to keep the users strictly separated from each other.... I think the FAQ suggests this, if I'm not mistaken, but I think there is a security issue here.Having world-executable (searchable, really) home directories is not an uncommon configuration. Yes, your users need to be a little more careful about the permissions of stuff inside their home directories, but that isn't such a big deal. Alternatively, do the symlink in the other direction: put the directories under DocumentRoot and include a symlink in the home directories pointing to the correct location so your users know what to edit. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx |