Allowing access to source files for only a group of users in a webserver

Question

I have this folder structure for a RootFolder in a Webserver (apache server on linux)

 RootFolder
       Export           
       Files 
       Site

and want the access to the files (source code) in Export and Site to be allowed only for a group of user in "priv_group" and not allowed for others even for server administrator and the user running the apache process (but other users should still be able to run the scripts in Export and site folders). "Files" folder should be accessible for all.

i thought of doing this:

apache process running by group : www-data
group of users that should have access to source files : priv-users

drwxrwx---  www-data    priv-users Files/ 
-rwx--x---  priv-users  www-data   Export/  
-rwx--x---  priv-users  www-data   Site/

is this enough ? and would it prevent access to website pages (in Site/) and for scripts files that should be run by other users (in Export/) ?

score 0 · Answer 1 · answered Jan 09 '14 at 19:47

From my understanding of your post your solution should work the way you intend. However I would not suggest giving write privileges to www-data, depending on what you are trying to accomplish that is. Personally I would also use htaccess and allow,deny to control web access to files on the server instead.

Allowing access to source files for only a group of users in a webserver

1 Answers1