Permissions issue


#1

Hello, I’m new here just signed up yesterday!

I’m having a problem though. I have two users (say, a and b). A owns the web files, and b is the web daemon who runs php5.cgi to run them.

Now, A and B are in the same user group. When I change my web files’ permission to 0750 (Writable by owner, readable by group, nothing by world), then I get 403 permission errors when trying to access the site.

Why would this be?


#2

Because we use suExec.

–rlparker
–DreamHost Tech Support


#3

That setup (one user owning the files and a separate one running them) isn’t a configuration we support. There may be ways to get it to work, but we cannot support them, and they may stop working due to configuration changes.

More generally, though, the Apache server is running as its own user, not as a member of your user group, so it can’t display files with permissions set to 750. For reasons that rlparker alluded to, you can run PHP scripts with these permissions, but you cannot display static files whose permissions would not allow “world” users to view them.

If you’re concerned about the security of files in your web directory, set your shell user to “Enhanced Security” in the users panel. This will change the ownership on your directory to prevent any users except yourself and the web server from viewing your home directory, at the expense of also preventing other users in your group from viewing it. (You win some, you lose some.)