Apache AND chmod 770 ("User and Group ONLY" Files Hosted on the Web)

vask

#1
I am exploring file permissions and noticed that Apache can host this file:
#ls -la
-rwxrwx--- 1 main www 40 Jan 27 01:54 index.php

The part that throws me off, though, is that Apache can NOT host this same file with:

# chown main:main index.php
# groups www
www main
#ls -la
-rwxrwx--- 1 main main 40 Jan 27 01:54 index.php

Isn't the user [www] in the group [main], so shouldn't this file still be accessible on the web instead of throwing the error:

Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0

Fatal error: Unknown: Failed opening required '/www/site/main/public/index.php' (include_path='.:/usr/local/share/pear') in Unknown on line 0

Anyway, my end goal was to keep user directories private from other users on the system... I have looked at [chroot] and [freebsd jail] but I thought I should be able to accomplish my needs with permissions...

Please advise...
 

mjguzik

#2
Apache doesn't use the complete group list (it probably just calls setgid instead of setgroups), thus Apache's process is only in the 'www' group.
 

vask

#3
I was able to make what I needed in my first post work by restarting the server...

I did not have to change any permissions from above.

Unfortunately I am still looking at other ways to secure my webhosted files... I will make a new post if I need help on this topic.
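
The permission check behind posts #1 and #3, as an added example that is not part of the thread: the kernel evaluates the group IDs the running process holds, which are fixed when the process starts, not the current contents of the group database. The numeric IDs are constructed, the model ignores root and ACLs, and it assumes www was added to group main after Apache had been started.

```python
import os

R, W, X = 4, 2, 1  # permission bits within one class


def may_access(mode, f_uid, f_gid, p_uid, p_groups, want):
    """Unix DAC check for a non-root process.

    Exactly one class applies: owner, else group, else other.
    p_groups is the set of group IDs the running process holds
    (effective GID plus supplementary groups).
    """
    if p_uid == f_uid:
        bits = (mode >> 6) & 7
    elif f_gid in p_groups:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & want) == want


# Constructed IDs for illustration; read the real ones with `id main` and `id www`.
MAIN_UID, MAIN_GID = 1001, 1001
WWW_UID, WWW_GID = 80, 80
MODE = 0o770  # -rwxrwx---


def scenarios():
    """Can the web server process read index.php in each situation?"""
    old = {WWW_GID}            # server started before www joined group main
    new = {WWW_GID, MAIN_GID}  # server restarted after the group change
    return {
        "main:www, old process": may_access(MODE, MAIN_UID, WWW_GID, WWW_UID, old, R),
        "main:main, old process": may_access(MODE, MAIN_UID, MAIN_GID, WWW_UID, old, R),
        "main:main, restarted": may_access(MODE, MAIN_UID, MAIN_GID, WWW_UID, new, R),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:24} {'readable' if ok else 'Permission denied'}")
    # Groups held by this very process, as opposed to what the group file says now.
    print("this process holds:", sorted(set(os.getgroups()) | {os.getegid()}))
```

Because only one class is consulted, an owner with mode 070 is denied even when also a member of the file's group.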
 