What are the recommended Unix filesystem permissions for customers' docroots?

When hosting many customers on the same server, it is important that each customer can read and write his own files without also having the ability to read (or write!) the files of other users. That ability is often granted by accident through mis-set ownership of CGI scripts.

The goal is to ensure compartmentalization - each customer should be able to read and write his own files, but should not be able to access the files of other users, either directly, or through abuse of CGI scripts.

What is the recommended layout?

Each customer has his own Unix User ID and Group. A customer's Home directory is owned by that customer's UID, with group ownership set to the GID which the web server runs as. The customer's Home directory should have the mode 2750. The setgid bit on the home directory ensures that any files the user creates will inherit the Web Server's Group. Each user should have a default umask of 0027.

For example, let us say that the web server runs as the user 'webuser' and the group 'webgroup'. No user other than the web server is a member of the group 'webgroup'. The global.cfg file for the web server (ZEUSHOME/web/global.cfg) will contain:

errlog ZEUSHOME/web/log/errors
gid webgroup
uid webuser
controlport 9080
controlallow 127.0.0.1

Looking at an example user's home directory:

limitingfactor:/home$ ls -al bob
total 2
drwxr-s---    2 bob      www-data     1024 Feb 19 01:00 .
drwxrwxr-x    3 root     root         1024 Feb 19 01:00 ..

When Bob uploads his index page, it will inherit group ownership of 'www-data'.

Note that Bob can read and write his own files, and the web server is able to read them, but other users cannot access Bob's files. In addition, if the web server is set to run CGIs as the file owner, each user's CGI scripts will be unable to access other users' files.
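The layout above, applied to a scratch directory and then checked, as an added example that is not part of the original article. It assumes GNU coreutils (stat -c) and uses the calling user's primary group in place of the web server's group so it runs unprivileged; in production WEBGROUP would be the group named by the gid setting in global.cfg.

```shell
#!/bin/sh
# Added example (not from the original article): create a customer docroot with
# mode 2750 and the web server's group, simulate an upload under umask 0027, and
# verify that the resulting modes and group ownership match the recommended layout.
# Assumption: WEBGROUP defaults to the caller's primary group so no root is needed.

WEBGROUP="${WEBGROUP:-$(id -gn)}"

# Create a docroot with owner rwx, web group r-x, setgid set, and nothing for others.
setup_docroot() {
    dir="$1"
    mkdir -p "$dir"
    chgrp "$WEBGROUP" "$dir"
    chmod 2750 "$dir"
}

# Simulate the customer uploading a page with the recommended default umask.
upload_file() {
    ( umask 0027; printf '<html>hi</html>\n' > "$1/index.html" )
}

# Octal mode and group name of a path (GNU stat).
mode_of()  { stat -c '%a' "$1"; }
group_of() { stat -c '%G' "$1"; }

# Check that a docroot and every file directly under it match the layout:
# directory 2750 with the web group, files carrying the web group (setgid
# inheritance) and no permission bits for "others". Returns 0 on success.
verify_docroot() {
    dir="$1"
    [ "$(mode_of "$dir")" = "2750" ]        || { echo "bad dir mode: $dir";  return 1; }
    [ "$(group_of "$dir")" = "$WEBGROUP" ]  || { echo "bad dir group: $dir"; return 1; }
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        case "$(mode_of "$f")" in
            *[1-7]) echo "world-accessible: $f"; return 1 ;;   # last octal digit = others
        esac
        [ "$(group_of "$f")" = "$WEBGROUP" ] || { echo "wrong group: $f"; return 1; }
    done
    return 0
}

DOCROOT="$(mktemp -d)/bob"
setup_docroot "$DOCROOT"
upload_file "$DOCROOT"
verify_docroot "$DOCROOT" && echo "layout ok: $DOCROOT"
```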

Content Manager [Administrator], 19 September 2005