On Wed, Jun 29, 2016 at 09:37:36PM +0200, Stefan Sperling wrote:
> On Wed, Jun 29, 2016 at 08:15:35PM +0200, Johan Tärnklint wrote:
> > Seeking advice / security tips.
> > 
> > Is it safe to create /var/www/htdocs/user1 and symlink to their home 
> > folder? 
> > 
> > Then set permissions to user1:www on /var/www/htdocs/user1 ?
> > 
> > Does it break the chroot? Is it safe? Better solution?
> 
> It won't work. httpd in chroot cannot read files outside of /var/www,
> so it cannot access /home/user1.
> 
> Allowing web access to the full home directory of a user is not a good
> idea anyway. There are configuration files in there, some of which may
> contain sensitive information. Users may make errors while configuring
> permissions for sensitive files, accidentally exposing private information.
> 
> Instead, you could do it the other way around: Create a symlink in the
> user's home dir which points to the user's dir in /var/www:
> 
>   /home/user1/public_html -> /var/www/htdocs/user1
> 
> Now users can place files they want to expose to the web into ~/public_html
> and the web server will be able to read them.
> 

I'm not entirely sure you guys are describing different things. :-)

- Actual directory somewhere under /var/www, writable by $USER
- Symlink as whatever (public_html, www, ...) in $HOME/, pointing at
  above directory

If the actual directory is within the chroot, it certainly won't break
no matter how many symlinks you point at it.

/Alexander
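
Added example, not part of the original messages: a shell check for the layout discussed in this thread, reporting for each home directory whether `public_html` is a symlink that resolves inside the httpd chroot. The function names, the status words and the constructed demo tree are assumptions of this example.

```shell
#!/bin/sh
# Added example. Paths are parameters; the demo tree is constructed.

# Physical path of a directory with every symlink resolved (fails if absent).
physical_dir() { ( cd -P -- "$1" 2>/dev/null && pwd -P ); }

# check_public_html HOME_BASE CHROOT
# Prints "<user> <status>" per home directory:
#   ok       symlink resolving to a directory inside CHROOT
#   outside  symlink resolving outside CHROOT (chrooted httpd cannot read it)
#   notlink  real file or directory in the home, so also outside the chroot
#   dangling symlink whose target does not exist
#   missing  no public_html at all
check_public_html() {
    chroot_dir=$(physical_dir "$2") || return 1
    for home in "$1"/*; do
        [ -d "$home" ] || continue
        link=$home/public_html
        if [ ! -L "$link" ]; then
            if [ -e "$link" ]; then status=notlink; else status=missing; fi
        elif target=$(physical_dir "$link"); then
            # Trailing slash stops /var/www2 from matching /var/www.
            case "$target/" in
                "$chroot_dir"/*) status=ok ;;
                *) status=outside ;;
            esac
        else
            status=dangling
        fi
        echo "${home##*/} $status"
    done
}

# Constructed sample tree under a scratch root, mirroring the thread's layout.
build_demo() {
    mkdir -p "$1/var/www/htdocs/user1" "$1/home/user1" \
             "$1/home/user2/site" "$1/home/user3"
    ln -s "$1/var/www/htdocs/user1" "$1/home/user1/public_html"  # in chroot
    ln -s "$1/home/user2/site" "$1/home/user2/public_html"       # outside it
}

# Run as "sh script.sh demo" to see the report for the constructed tree.
if [ "${1:-}" = demo ]; then
    root=$(mktemp -d) && build_demo "$root"
    check_public_html "$root/home" "$root/var/www"
    rm -rf "$root"
fi
```

On a real host the call would be `check_public_html /home /var/www`.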
