• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Apache AND chmod 770 ("User and Group ONLY" Files Hosted on the Web)

vask

Member

Thanks: 4
Messages: 56

#1
I am exploring file permissions and noticed that apache can host this file:
#ls -la
-rwxrwx--- 1 main www 40 Jan 27 01:54 index.php

The part that throws me off though is that apache can NOT host this same file with:

# chown main:main index.php
# groups www
www main
#ls -la
-rwxrwx--- 1 main main 40 Jan 27 01:54 index.php

Isn't the user [www] in the group [main] so shouldn't that do the this file still be accessible on the web instead of throwing the error:

Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0

Fatal error: Unknown: Failed opening required '/www/site/main/public/index.php' (include_path='.:/usr/local/share/pear') in Unknown on line 0

Anyway my end goal was to keep user directories private from other users on the system... I have looked at [chroot] and [freebsd jail] but I though I should be able to accomplish my needs with permissions...

Please advise...
 

mjguzik

Member

Thanks: 7
Messages: 36

#2
Apache doesn't use complete group list (probably just calls setgid instead of segtgroups), thus apache's process is only in the 'www' group.
 

vask

Member

Thanks: 4
Messages: 56

#3
I was able to make what I needed in my first post work by restarting the server...

I did not have to change any permissions from above.

Unfortunately I am still looking at other ways to secure my webhosted files... I will make a new post if I need help on this topic.
 
Top