Date:      Sat, 20 Feb 2010 18:11:46 +1100 (EST)
From:      Ian Smith <smithi@nimnet.asn.au>
To:        Programmer In Training <pit@joseph-a-nagy-jr.us>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: User Directories On FreeBSD 8.0-RELEASE
Message-ID:  <20100220173427.E47158@sola.nimnet.asn.au>
In-Reply-To: <20100219113921.BEF7610656FB@hub.freebsd.org>
References:  <20100219113921.BEF7610656FB@hub.freebsd.org>

In freebsd-questions Digest, Vol 298, Issue 8, Message: 3
On Thu, 18 Feb 2010 15:26:58 -0600  Programmer In Training <pit@joseph-a-nagy-jr.us> wrote:
 > On 02/18/10 14:54, Craig Whipp wrote:
 > <snip>
 > > What are the permissions for your $HOME and $HOME/public_html?  The user
 > that apache is running as must be able to read from these directories.
 > > 
 > > - Craig
 > 
 > drwxr-xr-x  49 user1  user1  1536 Feb 18 14:31 user1/
 > drwxr-xr-x  18 user1  user1   2560 Feb 14 09:25 public_html/

It's not quite clear what question produced those answers .. is the 
directory structure /home/user1/public_html/ ?

Also check that 'ls -ld /home/' (with trailing /) itself has 755 perms, 
since Apache has to descend from / to get there (also see below ..)

Presumably /home/user1/public_html/index.html is world-readable? eg 644

 > Possibly not the most secure permissions but I don't remember the
 > default (I think it's 644).

No, you need the x bits to descend into directories (755)

 > Apache runs as user:group deamon:daemon

Why is that?  Default www:www provides a user that no other processes 
use, but other processes likely run as user daemon .. security issue?

 > Trying to su in from root as daemon returns the following:
 > 
 > su - daemon
 > This account is currently not available.

Matthew covered that.

 > user and group do exist (quadruple verified).

What have you got configured for <Directory /> ?  I've noticed that 
recent Debian Apache2 configs do not default FollowSymLinks here, and 
where /home is a symlink to /usr/home that may be problematic; eg:

	<Directory />
		Options FollowSymLinks
		AllowOverride None
		order allow,deny
		deny from all
	</Directory>

cheers, Ian
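
The checks discussed in this message (search permission on every directory from / down, a world-readable index.html, and a symlinked /home that depends on FollowSymLinks), as an added shell example that is not part of the original e-mail. It assumes the Apache user is neither owner nor group member of any path component, so only the "other" permission bits matter; `check_web_path` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the original e-mail. Assumption: the Apache user
# (www by default) is neither owner nor group member of any path component,
# so only the "other" permission bits decide access.
#
# check_web_path /abs/path/to/file
# Prints one line per possible obstacle; returns 0 if none, 1 otherwise.
check_web_path() {
    case $1 in /*) ;; *) echo "need an absolute path: $1"; return 2 ;; esac
    rc=0 cur=
    old_ifs=$IFS; IFS=/; set -f
    set -- / $1            # "/" itself, then each component of the path
    set +f; IFS=$old_ifs
    for part in "$@"; do
        case $part in
            '') continue ;;
            /)  cur=/ ;;
            *)  cur=${cur%/}/$part ;;
        esac
        perms=$(ls -ld -- "$cur" 2>/dev/null | cut -c1-10)
        if [ -z "$perms" ]; then
            echo "$cur: missing, or not reachable by the current user"
            return 1
        fi
        case $perms in
            l*) # e.g. /home -> /usr/home, the case raised in the message
                echo "$cur: symlink, check Options FollowSymLinks in Apache"
                rc=1
                perms=$(ls -ldL -- "$cur" 2>/dev/null | cut -c1-10) ;;
        esac
        other=${perms#???????}   # last three characters: the "other" r/w/x bits
        case $perms in
            d*) case $other in
                    ??[xt]) ;;
                    *) echo "$cur: directory lacks o+x ($perms)"; rc=1 ;;
                esac ;;
            *)  case $other in
                    r??) ;;
                    *) echo "$cur: file lacks o+r ($perms)"; rc=1 ;;
                esac ;;
        esac
    done
    return $rc
}

# Usage (constructed path matching the thread's layout):
#   check_web_path /home/user1/public_html/index.html
```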


