I am working on a website with someone. I want to give them access only to their home directory and the website directory. What is the easiest way to accomplish this? I also don't want this to mess up apache's permissions with the site. I am running Ubuntu.
You could create a group for that website project, then add his user account to that group. Be certain the group has write access to the website folder.
If you'd like to make things slightly easier for him copying to the website folder you could create a link in his home folder to the project web folder.
You should reconfigure your home directories to not be world-readable:
And check permissions for existing home dirs. I wouldn't worry too much about system folder access; Linux default permissions are already meant for a multi-user environment.
Afterwards put the user in his own group and create his webserver directory, make sure www-data is able to read there. Look out for other world writable folders though.
If your user is allowed to upload CGI/PHP scripts you probably want to look into suexec for Apache, since those scripts will be running as user www-data. It is trivial to upload a PHP shell and browse other users' document roots. Their home directories will be safe if you removed the world read permission.
Update: I totally forgot to mention rbash. Just replace your user's login shell with rbash and he won't be able to change directories anymore:
You can restrict them to just their home directory using chroot. But it is very complicated to set up. If it is worth it you can have a look at the SecurityFocus article on building a secure user environment.
You can also use the ChrootDirectory option provided by the SSH server. You would have to edit the sshd_config file and enable chroot for that user.
If you really go for it then you can configure Apache using Alias or VirtualHost to serve files from some folder, say ~/web. You can also enable UserDir so that the user can see pages of folder "~/public_html" at
In either case do chmod o+x on his home directory so that apache can go inside it.
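The permission checks the answers above call for (home directories not world-readable, group write on the website folder, no world-writable entries, `o+x` on the home directory when Apache serves from inside it) can be audited with a short script. This is an added example, not code from any of the answers; the function names are hypothetical, the paths and group are whatever you pass in, and it assumes GNU `stat` as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audits the layout the answers describe. All paths and the
# group name are supplied by the caller; none come from the original thread.

# True if the "other" class has the given bit (4=r, 2=w, 1=x) on a path.
other_has() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, as on Ubuntu
    [ $(( 0$mode & $2 )) -ne 0 ]
}

# Home directory: not readable or writable by others. Pass "traverse" as the
# second argument when Apache serves a folder inside it and so needs o+x.
audit_home() {
    local home need_x bad
    home=$1 need_x=${2:-} bad=0
    if other_has "$home" 4; then echo "FAIL $home: other users can list it (o+r)"; bad=1; fi
    if other_has "$home" 2; then echo "FAIL $home: world-writable (o+w)"; bad=1; fi
    if [ "$need_x" = traverse ] && ! other_has "$home" 1; then
        echo "FAIL $home: Apache cannot enter it (missing o+x)"; bad=1
    fi
    return $bad
}

# Web directory: owned by the project group, group-writable, and containing
# nothing world-writable (symlinks are skipped, their mode is always 777).
audit_webroot() {
    local root group bad mode loose
    root=$1 group=$2 bad=0
    [ "$(stat -c '%G' "$root")" = "$group" ] || { echo "FAIL $root: group is not $group"; bad=1; }
    mode=$(stat -c '%a' "$root")
    [ $(( 0$mode & 020 )) -ne 0 ] || { echo "FAIL $root: group has no write access"; bad=1; }
    loose=$(find "$root" ! -type l -perm -0002)
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/FAIL /; s/$/: world-writable/'
        bad=1
    fi
    return $bad
}

# Run as: ./audit.sh HOME_DIR WEB_DIR GROUP [traverse]
if [ "$#" -ge 3 ]; then
    rc=0
    audit_home "$1" "${4:-}" || rc=1
    audit_webroot "$2" "$3" || rc=1
    exit $rc
fi
```

Each function prints one `FAIL` line per finding and returns non-zero if there was any, so the script can run from cron after permission changes.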