linux
valeraisrock, 2021-06-24 03:37:46

Lock folder access to linux user behind /var/www?

Guru.

I create a folder in home, then I create a group new (with users root, luser) and give the folder 0777 access for the group; any other user, vasya, cannot read it.

But when I create a folder in /var/www and do the same, Vasya sees it.

The question is: how can I close access for Vasya, so that root can see and change it and the www-data group (WordPress) can read it, but Vasya does not see it at all if he got stuck? Vasya is not in the www-data group; what did I miss?


3 answer(s)
Andrew, 2021-06-24
@valeraisrock

Well, 0777 is full access for everyone; 0770 is full access (including execution) for the owner and group. For others, any action is prohibited.
Owner: rwx=4+2+1=7
Group: rx=4+0+1=5
Other: rx=4+0+1=5

SagePtr, 2021-06-24
@SagePtr

The easiest way is to change the group to www-data and set the permissions to 750. Then the owner and root can do anything, the group can read, and everyone else can't do anything. But remember that through symbolic links, an attacker on another account using a web server will be able to pull out other people's files if the server has access to them, so you need to additionally configure protection for this case.
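An added example, not part of SagePtr's answer: a shell sketch of the 750 layout described above, with a check that "others" really have no access and a listing of symlinks that resolve outside the tree. The function names and the `/var/www/site` path in the comments are hypothetical.

```shell
# Added example; function names and paths are illustrative assumptions.

# Apply the layout from the answer: group may read and traverse, others get nothing.
# Changing the group to www-data needs root (or ownership plus group membership).
lock_down() {  # usage: lock_down DIR GROUP   e.g. lock_down /var/www/site www-data
    chgrp "$2" "$1" && chmod 750 "$1"
}

# Succeed only if the "other" permission triplet of DIR is empty (---).
# Columns 8-10 of `ls -ld` are the rwx bits for users outside owner and group.
others_blocked() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Print every symlink under DIR whose resolved target lies outside DIR.
# These are the links the web server would follow into other people's files.
outside_links() (
    root=$(cd "$1" && pwd -P) || exit 2
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink -f "$link") || target="(unresolvable)"
        case "$target" in
            "$root"|"$root"/*) ;;                      # stays inside the tree
            *) printf '%s -> %s\n' "$link" "$target" ;; # escapes the tree
        esac
    done
)

# Typical run as root on the real directory:
#   lock_down /var/www/site www-data
#   others_blocked /var/www/site && echo "others have no access"
#   outside_links /var/www/site
```

Any path printed by `outside_links` is a candidate for removal or for a web server setting that restricts symlink following.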

Fenrir89, 2021-06-24
@Fenrir89

Is Vasya the owner of the folder? Then 0070 is only for the group, or change the owner of the folder via chown.
