Home directory permissions question


#1

Hello,

I have a question: if I set the permissions of my home directory to 755 (and subdirectories) - (I have to do that in order to have a viewable web page), will other users on the same server (other than those in my group) be able to read the contents of files under my home directory?


#2

[quote]I have to do that in order to have a viewable web page
[/quote]

Why do you say that? Standard permissions, without you editing them should be working just fine.

Changing thoes permissions, I believe, would allow others from your server to access your home direcotry - including all of your E-mail. So this probably isn’t something that you’d want to do.

You should be placing all of your site files inside of the domain.com folder in your home directory. As I said before, this should already have correct permissions set.

-Matttail


#3

Thanks for your answer.

But what are the default permissions for the home directory ? I don’t remember what they were initially.

Thanks.


#4

The “lowest” permissions I could find for the home directory that would still make my site viewable are 701; but as far as I know this would still allow an “other” user to read the contents of a file in my site.com folder if he knows the full path - because files there need to have read rights for “other” (and so it allows him to read php files containing mysql passwords for example).

So I’m assuming the protection is done through other mechanisms? Or is it?

Thanks


#5

Well, I’m sorry - I was wrong. It seems that permissions for the home directory (/home/username) are set world readable/writable - 777 (lrwxrwxrwx). I guess it’s the group ownership thing that keeps other people out of your files. The domain.com folder should be 755.

-Matttail


#6

Actually you can still set your own permissions for the home directory (other than 777) but ls will show 777 as there seems to be some DH mechanism for protection in there.

I thought there had to be some other DH mechanism for protection but I still asked as I wanted to be sure I’m not letting in users that shouldn’t get in.

Thanks


#7

The permissions 777 are for a symlink that redirects to another location.


#8

It seem I was wrong too.
They cannot access files in your site.com dir if you have 751/701 for your home dir.
So I guess you can just use the default 751 permission.