User Directories On FreeBSD 8.0-RELEASE
Ian Smith
smithi at nimnet.asn.au
Sat Feb 20 07:11:49 UTC 2010
In freebsd-questions Digest, Vol 298, Issue 8, Message: 3
On Thu, 18 Feb 2010 15:26:58 -0600 Programmer In Training <pit at joseph-a-nagy-jr.us> wrote:
> On 02/18/10 14:54, Craig Whipp wrote:
> <snip>
> > What are the permissions for your $HOME and $HOME/public_html? The user
> > that apache is running as must be able read from these directories.
> >
> > - Craig
>
> drwxr-xr-x 49 user1 user1 1536 Feb 18 14:31 user1/
> drwxr-xr-x 18 user1 user1 2560 Feb 14 09:25 public_html/
It's not quite clear what question produced those answers .. is the
directory structure /home/user1/public_html/ ?
Also check that 'ls -ld /home/' (with trailing /) itself has 755 perms,
since Apache has to descend from / to get there (also see below ..)
Presumably /home/user1/public_html/index.html is world-readable? eg 644
> Possibly not the most secure permissions but I don't remember the
> default (I think it's 644).
No, you need the x bits to descend into directories (755)
> Apache runs as user:group deamon:daemon
Why is that? Default www:www provides a user that no other processes
use, but other processes likely run as user daemon .. security issue?
> Trying to su in from root as daemon returns the following:
>
> su - daemon
> This account is currently not available.
Matthew covered that.
> user and group do exist (quadruple verified).
What have you got configured for <Directory /> ? I've noticed that
recent Debian Apache2 configs do not default FollowSymLinks here, and
where /home is a symlink to /usr/home that may be problematic; eg:
<Directory />
Options FollowSymLinks
AllowOverride None
order allow,deny
deny from all
</Directory>
cheers, Ian
More information about the freebsd-questions
mailing list