WebFaction
Community site: login faq

Can I, after playing around with ACL, remove all entries with “setfacl -R -b $HOME“ or does this break some (static/PHP only) websites? Which privileges do the apache and nginx user need?

asked 18 Aug '11, 06:28

msch
312
accept rate: 0%


Hello,

your static/php only apps are being served from the shared web server running under the apache user or from the frontend server, running under the nginx user. Those two users need read and execute permissions on your app folder. Execute permissions in order to traverese into the folder and read to read it's contents.

The common setup is to give special r-x permissions to those users (apache and nginx) on your home directory only (/home/your_username) and then have the path to webapps/your_app be readable and executable by others. Folders inside your home don't need to have any special acls, unless you want it too.

permanent link

answered 18 Aug '11, 06:38

iliasr ♦♦
2.1k14
accept rate: 35%

Thanks! So I would run “setfacl -R -b $HOME/*” to clear ACL? And the ACL for $HOME would be set to 750 with rx privileges for apache and nginx, with no default ACL set?

(18 Aug '11, 06:57) msch

A typical home folder should be in the following schema:

user::rwx
user:apache:r-x
user:nginx:r-x
group::--x
mask::r-x
other::---

And then yes, you don't need any more acls, unless you want to apply a more secure policy, as long as the other users (apache and nginx) in your system have read and execute permisisons to your static/php app folder.

(18 Aug '11, 07:09) iliasr ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×7

question asked: 18 Aug '11, 06:28

question was seen: 4,263 times

last updated: 24 Mar '12, 05:43

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM