
Set rights of files in public_html

Set the rights of users' /home/*/public_html directories in a secure and useful way:

  1. all files/directories get chown user:www-data, so users own them and the webserver has group access
  2. group www-data gets g+r on files (the webserver can read all files) and g+rsx on directories (the webserver can read and change into all directories)
  3. o-rights (for all) are completely removed, so shell users can't read files of other users (possibly containing passwords etc).

You can run the script using sudo fixphrights.sh, or add a cron job that goes over all public_html directories every hour or so.

Note: Users should be told what happens, because many have picked up the bad habit of running chmod 755 on everything, and they will be confused when their files go back to 750 every hour.

Ref: http://ubuntuincident.wordpress.com/2010/11/21/setting-rights-for-public_html/

#!/bin/bash - 
#===============================================================================
#
#          FILE:  fixphrights.sh
# 
#         Usage:  ./fixphrights.sh 
# 
#   Description:  Set rights of user /home/*/public_html directories in a secure
#                 and useful way
#                 - all files/directories get chown user:www-data, so users own them
#                   and the webserver has group access
#                 - group www-data is added 
#                   g+r for files (webserver can read all files)
#                   g+rsx for directories (webserver can read and change into all directories)
#                 - o-rights (for all) are completely removed, so shell users can't read
#                   files of other users (possibly containing passwords etc).
#                 This can be run in a cronjob and will fix rights every hour
#                 (at minute 5), e.g.:
#               Crontab entry:
#               5   */1   * * *     root   nice /home/brb/bin/fixphrights.sh 
#       Options:  none
#  Requirements:  ---
#          BUGS:  ---
#         Notes:  ---
#        Author: Bernhard Brunner (bn), bernhard point brunner att epr point ch
#       Company: epr.ch
#       Created: 2011/03/11 07:33
# Last modified: 2011/03/11 07:40
#      Revision:  ---
#===============================================================================
 
set -o nounset                              # Treat unset variables as an error
 
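setrights ()
{
    local user="$1"
    echo "$user"
    # The script runs as root: stop if the home directory cannot be entered,
    # otherwise the chown/chmod calls below act on the current directory.
    cd "/home/$user" || return 1
    # Do not follow a user-controlled symlink out of the home directory.
    if [ -L public_html ] ; then
        echo "skipping $user: public_html is a symlink" >&2
        return 1
    fi
    mkdir -p public_html
    cd public_html || return 1
    # xargs -r: do nothing on empty input; chown -h: never dereference symlinks
    find . -type d -print0 | xargs -0 -r chown -h "$user":www-data
    find . -type d -print0 | xargs -0 -r chmod u+s,g+rsx,o-rwx
    find . -type f -print0 | xargs -0 -r chown -h "$user":www-data
    find . -type f -print0 | xargs -0 -r chmod g+r,o-rwx
    chown "$user":www-data .
    chmod u+x,g+rx,o-rwx .
#   chmod u+x 
}	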
# ----------  end of function setrights  ----------
 
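cd /home || exit 1
for i in * ; do
  echo "$i"
  # Skip lost+found and any entry that is not the name of an existing user,
  # so chown never receives an arbitrary directory name as the owner.
  if [[ "$i" != "lost+found" ]] && id -u "$i" >/dev/null 2>&1 ; then
    setrights "$i"
  fi
done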
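
A read-only check of the three rules listed at the top, as an added example that is not part of fixphrights.sh or the original post. It reports what deviates from the scheme without changing anything, which is useful before enabling the cron job. The function name audit_public_html and the finding labels are made up for this example.

```shell
#!/bin/bash
# Added example, not part of fixphrights.sh: read-only audit of one tree.
# Usage: audit_public_html DIR USER [GROUP]   (GROUP defaults to www-data)
# Prints one "<finding><TAB><path>" line per violation, nothing when clean.
audit_public_html () {
    local dir="$1" user="$2" group="${3:-www-data}"

    # A symlinked public_html would send a recursive fix-up somewhere else.
    if [ -L "$dir" ]; then
        printf 'symlinked-root\t%s\n' "$dir"
        return 0
    fi
    [ -d "$dir" ] || return 0

    # Rule 1: everything is owned by user:group.
    find "$dir" ! -type l ! -user "$user" -exec printf 'wrong-owner\t%s\n' {} +
    find "$dir" ! -type l ! -group "$group" -exec printf 'wrong-group\t%s\n' {} +

    # Rule 2: the group can read files and read/enter directories.
    find "$dir" -type f ! -perm -040 -exec printf 'no-group-read\t%s\n' {} +
    find "$dir" -type d ! -perm -050 -exec printf 'no-group-rx\t%s\n' {} +

    # Rule 3: no permission bit at all for "other".
    find "$dir" ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) \
        -exec printf 'other-bits\t%s\n' {} +
}
```

Called as audit_public_html /home/USER/public_html USER for each user, an empty result means the tree already matches the scheme.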

  • Last modified: 2011/03/11 07:57
  • by brb