How can I serve from apache several projects and disallow that users project from reading other’s project? – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.
But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about linux, apache-2.2, debian, permissions, .
Let’s explain that mess, I have some projects in one server under debian 6, each one located at their respective /home/USER with it’s respective user. I want the users that login as “project1” not being able to read files under other project folders (/home/project2 ie.). But I want apache to serve each project without permission forbidden.
I can get one thing or the other but not both at the same time. If I block users from reading the others with “chmod 0750 /home/project*” i get a “Forbidden” from apache.
How this could be solved?
One way to do it is to change the permissions of your projects to
750 and set the owner to
user1:www-data. This way the owner user has full privileges on the folder. The group
www-data has read+exec permissions which should be enough to serve contents from that folder.
You can either use extended ACLs to grant the user running Apache access, or do the usual and just give
o+x,g-rwx and put everyone in the same group.