Is there a way to allow apache (dhapache) access to my web files, but disallow other dreamhost shell users from accessing them? According to the wiki (http://wiki.dreamhost.com/Security), to allow apache access, the directories need to be executable by other (o+x) and files need to be readible by other (o+r).
I have a ZenPhoto site. I want only my family members to be able to see it. As a result, I set it up with logins per member (using the ZenPhoto interface).
This works well for me. However, a possible scenario occurs to me:
I need to have the zenphoto directory be “world” readable so that Apache can get to it. However, doesn’t this mean that all other DreamHost shell users can also get to it?
More generally, my home directory has permissions 751 (the default). However, doesn’t that mean that anyone can cd into it? If, the zenphoto directory has permissions of 755, can’t anyone cd into that sub-directory and list the files? If, then a picture file in there (call it compromising.jpg) has permissions 644, can’t anyone look at it?