Brian Candler schreef:
In their homedir there is a `ln -s` to their /var/www/home/username
webspace. That webspace is chowned username:www and chmodded 770 so
httpd can access/write to their dir as well.
Is that advisable / workable? Other ideas?
You don't want the www user being able to write to your web space.
Think about it.
DS
Just did - <blush>
Thanks for pointing that out.
So that should be chmod 750.
You've raised an interesting point though. This is fine if all they want to
do is serve static content. But it gets hairier if they want to run CGIs,
and even hairer again if they want to run long-lived processes which handle
multiple requests (such as Rails, or mod_php for php intensive sites)
You don't want user 1's web applications to be able to access data in user
2's web application storage space.
I will only be using mod_php. In the past, without the user shell
accounts, this has worked rather well for me in combination with the
"open_base_dir" directive in the VirtualHost.
This binds PHP's abilities to the specified directory (or directories)
for that specific virtual host.
Am I overlooking something with that setup?
I get the impression from your reply this might be rather unsafe?
Thanks,
Matt
