Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I need help in apache security setting of a high school.
We have setup the server so that http ://myschool.edu/~student1/ will be translated to /home/student1/public_html/ .This much works fine. However, we also allow ssh access to students. Problem is, student2, who is another (ssh)user on the system, can also view the html code of student1. If student1 makes his public_html folder inaccessible to other users(chmod o-r), his webpage will throw a Permission Denied error.
Is there any solution to this problem?
Good question but I have a question for you. If student1 is offering web pages viewable to the public then what is stopping the public from right-clicking on student1's page and viewing the source code? Putting a page on the web is, by default, allowing access to the code.
I am not sure whether I understood what you said What I get is to make a group apache which has read/execute privileges on public_html directories. But that should mean student1 also be in apache group. Sorry if I didnt make myself clear earlier, but student2 also has his own webpage and all. So he too needs to be in apache group if his pages are to be displayed. And since both are now in same group, they both have read access to each others.....well.....am i confusing or is it just that i am confused???
if you use redhat the apache user and group is setup already
the group file is like this
[root]# grep apache /etc/group
apache:x:48:
the passwd file is like this
[root]# grep apache /etc/passwd
apache:x:48:48:Apache:/var/www:/bin/false
the point is that the webserver is running as (usualy) the apache user.
so for a page to be displayed on the web, the apache user need to be able to enter the public_html dir and read the contents.
therfor only the apache user need to be in the apache group, and no other user will be able to enter or read other users public_html
as long as the apache user/group have read/execute on all public_html folders, if will be on the web.
#drwxr-x--- 15 username apache 4096 Jun 26 10:34 /home/username/public_html
--
apache also need to enter the /home/username dir in order to enter the public_html
#drwx--x--- 5 username apache 4096 Jan 30 01:18 username
the commands to set up all this on a rh server is
chgrp apache /home/username
chmod 710 /home/username
chgrp apache /home/username/public_html
chmod 750 /home/username/public_html
That was great. There will be some confusion in implementing groups (as of now, we have students of each class in one group) but I got the essence of what you meant. Let me just try them. Thanks pal.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.