Talk:Access Control Lists
Increase security of your web server
I struggled understanding the last revision of this section. I tried to reproduce it in a more clear way, but I'm not sure I achieved what the original author was trying to do.
I still think that the example lacks necessary real world applicability. If at all, the web server should only have access to a specific folder within the user's home directory.
Any more suggestions?
You can now add permissions to our home directory and/or site directory only to nobody user any anyone else - without "whole world" to increase your security.
Add permissions +x for nobody user on your home directory via ACL:
# setfacl -m "u:nobody:--x" /home/homeusername/
Now you can remove whole world rx permissions:
# chmod o-rx /home/homeusername/
Check our changes:
# file: username/
# owner: username
# group: users
user::rwx
user:nobody:--x
group::r-x
mask::r-x
other::---
As we can see, others do not have any permissions, but user nobody has "x" permission, so they can "look" into the user's directory and give access to users' pages from their home directories to the www server. Of course, this holds only if the www server works as the nobody user. But the whole world, except nobody, does not have any permissions.
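An added example, not part of the original post or of the wiki section it discusses: a Python check that parses getfacl output like the listing above and confirms that others have no access and that the web server user is limited to --x once the mask is applied. The function names are hypothetical, and the web server is assumed to run as nobody, as in the text.

```python
# Added example: audit getfacl output for the setup discussed above.
# SAMPLE is the listing quoted on this page, one entry per line.
SAMPLE = """\
# file: username/
# owner: username
# group: users
user::rwx
user:nobody:--x
group::r-x
mask::r-x
other::---
"""

def parse_getfacl(text):
    """Return (header dict, list of (tag, qualifier, perms)) from getfacl output."""
    header, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            header[key.strip()] = value.strip()
            continue
        # Drop the trailing "#effective:..." comment getfacl may append.
        tag, qualifier, perms = line.split("#")[0].strip().split(":")[:3]
        entries.append((tag, qualifier, perms))
    return header, entries

def effective(perms, mask):
    """Named users and groups are limited by the mask entry."""
    return "".join(p if p == m else "-" for p, m in zip(perms, mask))

def audit(text, web_user="nobody"):
    """List deviations from: no access for others, web user traverse-only."""
    _, entries = parse_getfacl(text)
    mask = next((p for t, _, p in entries if t == "mask"), "rwx")
    findings, web_perms = [], None
    for tag, qualifier, perms in entries:
        if tag == "other" and perms != "---":
            findings.append(f"other has {perms}")
        if tag == "user" and qualifier == web_user:
            web_perms = effective(perms, mask)
    if web_perms is None:
        findings.append(f"no ACL entry for {web_user}")
    elif web_perms != "--x":
        findings.append(f"{web_user} effective permissions are {web_perms}, expected --x")
    return findings
```

Calling `audit()` on the saved output of getfacl for the home directory returns an empty list when the directory matches the state shown above.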