I need some help setting the correct permissions or ownership of the apache document root. Here is what I need:
- different websites stored in /var/www/html/<site>
- two users should update/manage the websites through ssh
- ownership should be different than the apache user (for security)
How can I do this? At the moment all files are world-writeable, which isn't good. The server runs CentOS 5.5
Thanks
Create a new group
Add your users to the group
Change ownership of the sites directory
Change permissions of the sites directory
Now anybody can read the files (including the apache user) but only root and webadmin can modify their contents.
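The four steps above, written out as an added shell example (not the answerer's own commands). The group name webadmin is the one the answer mentions; the user names alice and bob, the helper function names, the setgid bit on directories and the 664 file mode are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original answer. The group name "webadmin" is
# the one the answer mentions; the user names alice/bob are placeholders.

# apply_site_perms DIR GROUP (hypothetical helper)
# Hand DIR to GROUP: group members can write, everyone else can only read.
apply_site_perms() {
    dir=$1
    group=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    chgrp -R "$group" "$dir" || return 1
    # Directories: rwxrwxr-x plus setgid, so new files inherit GROUP.
    find "$dir" -type d -exec chmod 2775 {} + || return 1
    # Regular files: rw-rw-r-- (no execute bit, no write for "other").
    find "$dir" -type f -exec chmod 664 {} + || return 1
}

# count_world_writable DIR (hypothetical helper)
# Print how many files and directories under DIR are writable by "other".
count_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 | wc -l | tr -d ' '
}

# Run as root with --apply to perform the four steps on the real docroot.
if [ "${1:-}" = "--apply" ]; then
    docroot=/var/www/html
    getent group webadmin >/dev/null || groupadd webadmin   # 1. create group
    usermod -a -G webadmin alice                            # 2. add users
    usermod -a -G webadmin bob
    chown -R root "$docroot"                                # 3. ownership
    apply_site_perms "$docroot" webadmin                    # 3+4. group, modes
    echo "world-writable entries left: $(count_world_writable "$docroot")"
fi
```

The new group membership only takes effect at the users' next login. Files they create stay group-writable only if their umask is 002.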
I prefer to mount the partition with -o acl. This allows you to use the setfacl command to set fine-grained permissions on files and folders, instead of only specifying user-group-other permissions.
So add acl to your partition's line in /etc/fstab, or remount with mount -o remount,acl /mnt/xy, and then give ownership of your web directory to nobody:nobody. Chmod to 770, and use setfacl to give write permissions only on the folders that need it, e.g. give www-data (or the user your webserver runs as) write permissions for the upload folder, and give write permissions to your own user for the whole directory.
Now nobody can read your files, apart from your webserver and your own user. You can write to every file in the folder, and the webserver can only write into the upload folder.