Author Topic: [SOLVED] User Directory with webserver ACLs  (Read 1603 times)

Ghassan Barkasiah

  • Zen Apprentice
  • *
  • Posts: 29
  • Karma: +3/-0
    • View Profile
[SOLVED] User Directory with webserver ACLs
« on: March 05, 2020, 06:23:51 pm »
Hello All,

I have Zentyal 4, I setup Apache UserDir and all is working fine except one thing.
I create a "public_html" folder in every user home directory with permission USER:www-data and set guid to inherit the permission to any new file in it, but when users create a new folder or file the permission is "USER:Domain Users" which forbids apache to access these files or folders.

this is the permission for USER1 home folder
getfacl: Removing leading '/' from absolute path names
# file: home/USER1/
# owner: USER1
# group: www-data
user::rwx
group::---
group:www-data:rwx              #effective:r-x
mask::r-x
other::---

this is the permission for USER1 public_html
getfacl: Removing leading '/' from absolute path names
# file: home/USER1/public_html/
# owner: USER1
# group: www-data
# flags: -s-
user::rwx
user:www-data:r-x
group::r-x
mask::r-x
other::r-x

please anyone has an idea ?

thank you
« Last Edit: April 11, 2020, 05:08:11 pm by Thanatos »

doncamilo

  • Zen Samurai
  • ****
  • Posts: 478
  • Karma: +165/-1
    • View Profile
Re: User Directory with webserver
« Reply #1 on: March 06, 2020, 02:48:02 pm »
- Do my pigeons bother you passing over your land?
- They block the sun!

G. Guareschi., Don Camillo.,

Ghassan Barkasiah

  • Zen Apprentice
  • *
  • Posts: 29
  • Karma: +3/-0
    • View Profile
Re: User Directory with webserver
« Reply #2 on: March 07, 2020, 04:00:34 pm »
Actually yes i tried, still have same issue with sub-directories

thanks

Ghassan Barkasiah

  • Zen Apprentice
  • *
  • Posts: 29
  • Karma: +3/-0
    • View Profile
Re: User Directory with webserver
« Reply #3 on: March 08, 2020, 04:31:44 pm »
Thank you doncamilo.

After reviewing the link you've provided, i find that i had to Disable auto-granting permissions for the default group of user accounts.

setfacl -m default:group::--- public_html