关于基于ACL的Apache(suexec)下虚拟主机文件权限配置 - Techyou labs

真正的爱应该超越生命的长度，心灵的宽度，灵魂的深度

文章分类

Default Linux/Unix Database Cloud Networking Security Programming

最新文章

带你重走 TiDB TPS 提升 1000 倍的性能优化之旅 Unicode 中的 BIDI 双向性算法[转]在linux中设置优先使用ipv4,而不是ipv6 linux下WPS高分辨率下因字体缩放导致字体发虚的问题 ssh-rsa not in pubkeyacceptedalgorithms问题解答及处理办法 Permission denied (publickey)在 Ubuntu 22.04 中使用 PipeWire 替换 PulseAudio MYSQL简单监控指标 deepin-wine6-stable下TIM悄悄崩溃问题 openwrt 设置ipv6地址分配 Redis 实战篇：巧用数据类型实现亿级数据统计

最新评论

renothing: 备注：路由器端优先设置ipv4并不影响客户端的ip... renothing: 二次反向代理跟你应用程序得处理时间有关系吧？尤其是... 二次反向代理性能很差，怎么优化的？: 我也用nginx 做了个二次反向代理，但是并发连3... hostyep: 交换链接么？目前每天保持30个左右对口IP，每月都... yzhkpli: error while loading share... 美肤宝: 感谢分享。。。 lq: 嗯喜欢弄得点单点

按月归档

March 2023 December 2022 November 2022 September 2022 August 2022 March 2022 January 2022 November 2021 October 2021 September 2021 August 2021 July 2021 June 2021 February 2021 September 2020 May 2020 September 2019 August 2019 July 2019 June 2019 May 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 April 2018 March 2018 December 2017 October 2017 September 2017 August 2017 April 2017 March 2017 February 2017 August 2016 July 2015 November 2014 September 2014 August 2014 July 2014 June 2014 July 2013 April 2013 September 2012 July 2012 May 2012 April 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 June 2009 May 2009 April 2009 March 2009 February 2009 December 2008 November 2008 September 2008 August 2008 July 2008 June 2008

常用标签

Mysql nginx mysql优化 linux debian

Powered by Typecho)))

Optimized by EAimTY

关于基于ACL的Apache(suexec)下虚拟主机文件权限配置

October 12, 2010

ACL+grsecurity+jailkit

目录最好设置成750，否则会出现403错误

php等cgi程序，去掉其他用户的任何权限，防止在开通了shell的情况下被跨站攻击
/home 目录本身为751（根据suexec配置选项所得）
/home下所有目录默认750，并分配如下ACL权限,web-httpd为Apache运行身份，www-data为nginx运行身份
/home/cgi-system/ 目录为751，子目录及其文件为750

setfacl -m u:web-httpd:rx,g:web-httpd:rx,u:www-data:rx,g:www-data:rx,o::- -R /home
setfacl -d -m u:web-httpd:rx,g:web-httpd:rx,u:www-data:rx,g:www-data:rx,o::- -R /home

logs目录设置用户可读

#setfacl -m u:user:r,g:user:r -R /home/user/logs
setfacl -d -m u:user:r,g:user:r -R /home/user/logs

/home/username 目录属性为710/750
下级目录和文件属主为用户本身，权限750

参考
http://linux.chinaunix.net/techdoc/beginner/2009/10/27/1141592.shtml
http://www.cnblogs.com/cabin/archive/2010/09/18/1830180.html
http://www.ibm.com/developerworks/cn/linux/l-acl/
http://ljh0242.blog.163.com/blog/static/5697009020088223959537/

暂无评论