From owner-freebsd-questions  Sun Nov 10 12:21:36 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E6EE637B401
	for <freebsd-questions@FreeBSD.ORG>; Sun, 10 Nov 2002 12:21:34 -0800 (PST)
Received: from mail.smartnet.se (mail.smartnet.se [194.237.72.231])
	by mx1.FreeBSD.org (Postfix) with SMTP id 6F97D43E3B
	for <freebsd-questions@FreeBSD.ORG>; Sun, 10 Nov 2002 12:21:33 -0800 (PST)
	(envelope-from johannes@smartnet.se)
Received: (qmail 8676 invoked from network); 10 Nov 2002 20:00:11 -0000
Received: from as14-5-4.mt.g.bonet.se (HELO ?192.168.0.3?) (217.215.46.103)
  by mail.smartnet.se with SMTP; 10 Nov 2002 20:00:11 -0000
Mime-Version: 1.0
X-Sender: johannes@smartnet.se@mail.smartnet.se
Message-Id: <p05111701b9f47039c0a8@[192.168.0.3]>
Date: Sun, 10 Nov 2002 21:21:23 +0100
To: freebsd-questions@FreeBSD.ORG
From: Johannes Angeldorff <johannes@smartnet.se>
Subject: Permissions & user/group scheme for webserver?
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Dear FreeBSD:ers!

We are converting an old Windows web server to a new FreeBSD 4.6 
webserver with apache and PHP.

I could really need some help/tips for securing the server for each user...

I want users to be able to FTP in their files to their home 
directories, and I want the web server to be able to read and execute 
all users' files... But I _don't_ want users to be able to read each 
others' files (since they may include for example passwords for MySQL 
databases). And of course, the users should not be able to read other 
files on the machine, like /etc/master.passwd.

Simply: I want users to only FTP in their own directories, and the 
web server to be able to read it all...

Has anyone a good scheme how to set up user and groups - with 
suitable permissions - for the webserver, FTP and the users' home 
dirs?

Very grateful for all help on this matter!

Sincerely,
Smartnet Sverige AB

Johannes Angeldorff

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message