Code:
# Allow users to have their own public_html directory
UserDir public_html
UserDir disabled root
Now make that directory setgroup id:
Code:
chmod g+s /home/*/public_html
chown :apache /home/*/public_html
In /etc/profile add:
Now get them to put all their files in their public html directory. And do:
Code:
chmod -R o-rwx /home/*/public_html/
Now If you look in one of their public_html directories you should see permissions similar to this:
Code:
-rwxr-x--- 1 tim apache 7000 Jul 19 22:02 index.php*
Where tim is the username, apache is the user that the apache server runs as and there are no permissions for the 'others' group. Now you just have to check that their umasks are 0027
and that they don't change them and that they don't use chmod to add permission for the others group.
If anyone has a cleaner way of doing this please speak up.