This indeed could work, I'll check it later. If you wouldn't mind, I'm still interested in a solution that will not require group perms. I saw it on one server but I've lost contact with the admin, so I'm trying to figure it out :). But I'll write later that this works as well :D

2011/1/3 Aki Tuomi <[email protected]>:
> Well. You do not need to add joe or meg into group www-data. But apache needs to
> read them anyways, just make sure apache runs in group www-data. joe or meg
> cannot access these files with their accounts.
>
> So. To summarise
>
> joe or meg should *NOT* be in www-data group. Directory ownership should be
> joe:www-data and chmod 0750 for the directory.
>
> Aki Tuomi
>
> On Mon, Jan 03, 2011 at 12:43:16PM +0100, Grzegorz Dwornicki wrote:
>> First of all thx for the quick reply :D
>>
>> The problem is that apache can read these files. Let's say that I have
>> 2 users joe and meg and this structure of files:
>>
>> /home/joe/public_html/index.php
>>
>> /home/meg/public_html/config.php
>>
>> According to this if I want to secure php from joe's site to be able to
>> open meg's secret.php just for reading file ("r" perm) I need to take
>> some action maybe from php.ini.
>>
>> If I won't do this joe's scripts are run as joe:www-data? So joe can't
>> open them but group www-data can.
>>
>> That's why I've tried to run apache as root and suphp. To eliminate
>> group perms. But as I say it generates 500 internal server error and
>> error.log shows what I've pasted earlier.
>>
>> Is it possible?
>>
>> Best Regards
>>
>> 2011/1/3 Aki Tuomi <[email protected]>:
>> > On Mon, Jan 03, 2011 at 12:05:35AM +0100, Grzegorz Dwornicki wrote:
>> >> Hi
>> >>
>> >> Let's say I want to create a configuration of apache2 + suphp which
>> >> will allow users to set rights for their files and directories to owner
>> >> only. So php needs to be run as owner (this takes suphp). But in
>> >> order for apache to even run suphp it needs to go to documentroot and look
>> >> at index file or other file that user had requested. To do this apache
>> >> needs to be able to go to that directory ignoring file rights - maybe
>> >> apache run as root?
>> >>
>> >> I wanted to check this configuration but it seems that apache as root
>> >> and suphp creates errors like this:
>> >>
>> >> ...
>> >>
>> >> Best Regards
>> >> Grzegory
>> >>
>> >
>> > Of course, you could set the directory to be owned by username:www-data
>> > (or whatever group your apache uses), and set perms to 0750. This would,
>> > in my opinion, achieve the same security?
>> >
>> > Aki Tuomi
>>
>

_______________________________________________
suPHP mailing list
[email protected]
https://lists.marsching.com/mailman/listinfo/suphp
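
The permission layout discussed in this thread, modelled as an added example that is not part of the original messages: it applies the standard Unix owner/group/other check to the two `public_html` directories and shows who can read them with and without joe in `www-data`. The uid/gid numbers and function names are constructed for illustration, and the model assumes non-root processes and no ACLs.

```python
import stat

# Constructed sample IDs (not from the thread): site users and the Apache account.
JOE, MEG, APACHE = 1001, 1002, 33
WWW_DATA = 33  # gid assumed for the web server group

# (owner uid, group gid, mode) per directory, laid out as user:www-data 0750.
DOCROOTS = {
    "/home/joe/public_html": (JOE, WWW_DATA, 0o750),
    "/home/meg/public_html": (MEG, WWW_DATA, 0o750),
}

def granted_bits(uid, gids, owner, group, mode):
    """Return the rwx bits (0-7) applied to a non-root process.

    Exactly one class is used: owner if the uid matches, else group if any
    of the process's gids matches, else other.
    """
    perms = stat.S_IMODE(mode)
    if uid == owner:
        return (perms >> 6) & 0o7
    if group in gids:
        return (perms >> 3) & 0o7
    return perms & 0o7

def can_list_and_enter(uid, gids, owner, group, mode):
    """Reading files in a directory needs both r and x on that directory."""
    return (granted_bits(uid, gids, owner, group, mode) & 0o5) == 0o5

def access_matrix(principals, docroots=DOCROOTS):
    """Map (principal name, path) -> bool for every principal and directory."""
    return {
        (name, path): can_list_and_enter(uid, gids, *entry)
        for name, (uid, gids) in principals.items()
        for path, entry in docroots.items()
    }

# Layout from the thread: users are NOT members of www-data, Apache is.
RECOMMENDED = {"joe": (JOE, {JOE}), "meg": (MEG, {MEG}),
               "apache": (APACHE, {WWW_DATA})}
# The misconfiguration the reply warns against: joe added to www-data.
JOE_IN_GROUP = dict(RECOMMENDED, joe=(JOE, {JOE, WWW_DATA}))

if __name__ == "__main__":
    for label, who in (("recommended", RECOMMENDED), ("joe in www-data", JOE_IN_GROUP)):
        print(label)
        for (name, path), ok in sorted(access_matrix(who).items()):
            print(f"  {name:6} {path:24} {'allowed' if ok else 'denied'}")
```

Scripts run through suPHP execute with the file owner's uid and groups, so the "joe" row is also what joe's PHP code can reach.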
