So my Linux box has 2 users:

  • root (which I use)
  • dev (the user that my developer uses)

I have a few directories on my web server which I need to restrict access from the "dev" user.

So, for example:

/var/www/html/www.mysecuresite.com (dev user should not access)
/var/www/html/www.mysecuresite2.com (dev user should not access)
/var/www/html/www.devsite.com (both root and dev should access)
/var/www/html/www.devsite2.com (both root and dev should access)
..
..
..

Apache is currently running as apache:apache

How do I make sure that Apache can run all directories but the dev user cannot access the directories he is not supposed to? What permissions do I give to the directories, and what do I run Apache as, so that the above rules are fulfilled?

Is this technically possible to do by just tinkering with permissions, users and groups?

Edit: The above folders contain fully dynamic web applications written in PHP, connecting to MySQL, file uploads etc.

There are no groups currently set up on my Linux box. I am not a seasoned Linux user, so I would really appreciate detailed advice on what would be the best way forward for me.

Thanks!

YD8877
  • First off, why do you use root? That is just asking for trouble. You really should use a non-priv user, and then use something like sudo when you need elevated privs (much safer that way, and since you are asking about permissions, I am guessing you are not a seasoned Unix admin). In order to answer your question we will need to know what kind of access Apache needs to the secure sites: are they running scripts or just straight HTML? Does it need write access, or read-only access? Do you already have groups set up? – Doon Feb 07 '15 at 22:07
  • @Doon Edited my question to add the information you requested. – YD8877 Feb 07 '15 at 22:17
  • Just remove the read permissions for other and set everything under the apache directories to apache:apache. – c4f4t0r Feb 07 '15 at 23:57
  • Is PHP running as the apache user, or running under something like suphp? Does it need write access to anything in those directories? – Doon Feb 08 '15 at 12:13
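
The layout suggested in c4f4t0r's comment (owner apache:apache, no permissions for "other"), tried out in a sandbox and then audited. This is an added example, not part of the original thread. The function names are hypothetical, the tree is constructed under a temp directory, and GNU/Linux `stat -c` is assumed; the `chown` step only runs as root when an owner such as `apache:apache` is passed.

```shell
#!/bin/sh
# Added example. Every path is constructed under a temp dir; /var/www is untouched.

# Remove all "other" permission bits below a site directory. When run as root
# with an owner:group argument (e.g. apache:apache), ownership is changed first.
lock_down_site() {
    lds_dir="$1"; lds_owner="${2:-}"
    if [ -n "$lds_owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R "$lds_owner" "$lds_dir" || return 1
    fi
    chmod -R o-rwx "$lds_dir"
}

# Print the "other" permission digit of a path (0 = no access for other).
other_bits() {
    ob_mode=$(stat -c '%a' "$1") || return 1
    printf '%s\n' "${ob_mode#"${ob_mode%?}"}"
}

# List everything under a directory that "other" can still read, write or enter.
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Build a constructed tree mirroring the question's layout, then lock the two
# secure sites and leave the two dev sites as they were.
build_demo() {
    bd_root=$(mktemp -d) || return 1
    for bd_site in www.mysecuresite.com www.mysecuresite2.com \
                   www.devsite.com www.devsite2.com; do
        mkdir -p "$bd_root/$bd_site/uploads"
        echo '<?php // constructed sample file' > "$bd_root/$bd_site/index.php"
        chmod -R u=rwX,go=rX "$bd_root/$bd_site"
    done
    lock_down_site "$bd_root/www.mysecuresite.com"
    lock_down_site "$bd_root/www.mysecuresite2.com"
    printf '%s\n' "$bd_root"
}

demo_root=$(build_demo) || exit 1
echo "secure site, other bits: $(other_bits "$demo_root/www.mysecuresite.com")"
echo "dev site, other bits:    $(other_bits "$demo_root/www.devsite.com")"
echo "still reachable by other:"
world_accessible "$demo_root"
```

Mode bits only restrict dev's own shell or file-transfer sessions. If PHP runs as the apache account, code deployed in the dev sites executes with that account's access to the locked directories, which is the point behind Doon's question about suphp.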
