On Sun, Mar 21, 2004 at 05:30:25AM -0500, Alexandre Gauthier wrote: : : On 18/03/04 04:33, "Eugene Lee" <list-themacintoshguy at fsck.net> wrote: : > : > Incorrect. Files (and directories) to be served by Apache need to be : > readable by the Apache process. For example, if you configure Apache to : > run as user "www" and group "www", then served content must be readable : > by either the user "www" or anyone within the group "www". : > : > In a shared web server, a typical method is to make all users' web : > directories group-readable by Apache, but also disallow all world privs. : > Doing this keeps users from accessing each other's web content. : : Would you mind describing how to do this more in details? I am interested in : finding out. This is the general idea for each user: $ chgrp www ~USER/Sites $ chmod 750 ~USER/Sites where USER is replaced with the actual username. The first command makes sure that the user's web directory (i.e. "~USER/Sites") has a group ID belonging to the Apache process (i.e. "www"). The second command makes sure that the user still can still modify everything in the web directory, yet restricts the Apache process "www" to read-only access. This also takes advantage of the fact that OS X tends is a bit sloppy on the security end. As a result all files and directories in the web directory are world-readable unless set otherwise. BTW, don't read "sloppy" as "insecure". That's not true with OS X. -- Eugene Lee http://www.coxar.pwp.blueyonder.co.uk/