On 02/04/2010 08:30 PM, Thomas, Peter wrote:
> Just a stylistic note, I'm a great believer in the "find" command, but
> in this case I believe it is more readable to do something like this:
>
> # First, make sure the home directory is traversable by all users
> chmod a+x /home/somebody
>
> # Then, make sure NO files are executable under /home/somebody/www
> # [equivalent to chmod -R 644 /home/somebody/www]
> # *** side effect--this temporarily makes all directories
> # non-traversable, we'll fix that in a moment
> chmod -R u=rw,go=r /home/somebody/www
>
> # finally, re-enable directory traversal in /home/somebody/www and below
> chmod -R a+X /home/somebody/www
>
> For those not familiar, the symbolic "X" argument to chmod has the
> following semantics: it will always make directories traversable. It
> will make files executable if and only if at least one executable bit
> was already set in the file's permissions.
>
> --Pete
>
> -----Original Message-----
> From: Philip Wigg [mailto:phil@xxxxxxxxxxxxxxxx]
> Sent: Thursday, February 04, 2010 9:48 AM
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re: Help needed to set correct permissions
>
> On 4 February 2010 14:34, Perl Whore <whoreperl@xxxxxxxxx> wrote:
>> I'm still getting the permission error.
>>
>> [Thu Feb 04 06:47:11 2010] [error] [client 1.2.3.4] (13)Permission
>> denied: access to / denied
>> [Thu Feb 04 07:29:05 2010] [error] [client 1.2.3.4] (13)Permission
>> denied: access to /test.htm denied
>> [Thu Feb 04 07:29:08 2010] [error] [client 1.2.3.4] (13)Permission
>> denied: access to /favicon.ico denied
>
> The following should work:-
>
> chmod +x /home/somebody
> chmod g+rx /home/somebody/www
> find /home/somebody/www -type f | xargs chmod 644
>
> I didn't set /home/somebody as executable earlier so maybe that was it.
>
>> Also, I took a look at mod_userdir and it says the URLs will be like
>> http://example.com/~user/ which is not what I'm looking to do. My
>> users have their own domains.
>
> Fair enough. You could look at mod_vhost_alias if you have a lot of
> users to set up.
>
> Cheers,
> Phil.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

Thanks, this worked. But is this the best way to do it, though? Is it
possible to make the www folder traversable only by the apache
user/group and not *all* users? The users on my box are trusted so it's
not a big deal but I'm just trying to understand best practices used for
security.
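
The end state both replies in this thread aim for (no executable files, every directory traversable), as an added example that is not part of the original messages: a permission fix using the same symbolic modes, plus an audit built on `find -perm`. The function names and the sample tree are constructed for illustration; pass 1 uses `find -depth` rather than `chmod -R` so each path is changed while its parent directories are still searchable.

```shell
#!/bin/sh
# Added example: constructed tree and hypothetical function names.

# Build a throwaway docroot with deliberately wrong modes; prints its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/www/img dir"
    printf 'hello\n' > "$root/www/test.htm"
    printf 'data\n' > "$root/www/img dir/logo file.png"
    chmod 755 "$root/www/test.htm"               # stray execute bits
    chmod 600 "$root/www/img dir/logo file.png"  # not readable by others
    chmod 700 "$root/www/img dir" "$root/www"    # not traversable by others
    printf '%s\n' "$root"
}

# Apply the thread's target modes to everything under docroot $1.
fix_perms() {
    # Pass 1: rw-r--r-- on every path. -depth hands children to chmod before
    # their parent, so each path is still reachable when its turn comes.
    find "$1" -depth -exec chmod u=rw,go=r {} + || return 1
    # Pass 2: capital X restores search permission on directories only; no
    # regular file has an execute bit left after pass 1, so none gains one.
    chmod -R a+X "$1"
}

# Print one line per violation; empty output means the tree is clean.
audit_docroot() {
    # Regular files with any execute bit (owner, group or other).
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec printf 'exec-file %s\n' {} +
    # Regular files the "other" class cannot read.
    find "$1" -type f ! -perm -004 -exec printf 'unreadable %s\n' {} +
    # Directories the "other" class cannot traverse.
    find "$1" -type d ! -perm -001 -exec printf 'closed-dir %s\n' {} +
}

# Demo: run the script with "demo" as its first argument.
if [ "${1:-}" = demo ]; then
    t=$(make_sample_tree) || exit 1
    echo "before:"; audit_docroot "$t/www"
    fix_perms "$t/www"
    echo "after:"; audit_docroot "$t/www"
    rm -rf "$t"
fi
```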