From owner-freebsd-questions@FreeBSD.ORG Sat Feb 20 07:11:49 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A7E9F106566C for ; Sat, 20 Feb 2010 07:11:49 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) by mx1.freebsd.org (Postfix) with ESMTP id 271088FC0A for ; Sat, 20 Feb 2010 07:11:48 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id o1K7BkCB014948; Sat, 20 Feb 2010 18:11:46 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Sat, 20 Feb 2010 18:11:46 +1100 (EST) From: Ian Smith To: Programmer In Training In-Reply-To: <20100219113921.BEF7610656FB@hub.freebsd.org> Message-ID: <20100220173427.E47158@sola.nimnet.asn.au> References: <20100219113921.BEF7610656FB@hub.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-questions@freebsd.org Subject: Re: User Directories On FreeBSD 8.0-RELEASE X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Feb 2010 07:11:49 -0000 In freebsd-questions Digest, Vol 298, Issue 8, Message: 3 On Thu, 18 Feb 2010 15:26:58 -0600 Programmer In Training wrote: > On 02/18/10 14:54, Craig Whipp wrote: > > > What are the permissions for your $HOME and $HOME/public_html? The user > > that apache is running as must be able read from these directories. > > > > - Craig > > drwxr-xr-x 49 user1 user1 1536 Feb 18 14:31 user1/ > drwxr-xr-x 18 user1 user1 2560 Feb 14 09:25 public_html/ It's not quite clear what question produced those answers .. is the directory structure /home/user1/public_html/ ? Also check that 'ls -ld /home/' (with trailing /) itself has 755 perms, since Apache has to descend from / to get there (also see below ..) Presumably /home/user1/public_html/index.html is world-readable? eg 644 > Possibly not the most secure permissions but I don't remember the > default (I think it's 644). No, you need the x bits to descend into directories (755) > Apache runs as user:group deamon:daemon Why is that? Default www:www provides a user that no other processes use, but other processes likely run as user daemon .. security issue? > Trying to su in from root as daemon returns the following: > > su - daemon > This account is currently not available. Matthew covered that. > user and group do exist (quadruple verified). What have you got configured for ? I've noticed that recent Debian Apache2 configs do not default FollowSymLinks here, and where /home is a symlink to /usr/home that may be problematic; eg: Options FollowSymLinks AllowOverride None order allow,deny deny from all cheers, Ian