# Apache AND chmod 770 ("User and Group ONLY" Files Hosted on the Web)



## vask (Feb 3, 2009)

I am exploring file permissions and noticed that apache can host this file:
#ls -la
-rwxrwx---  1 main  www     40 Jan 27 01:54 index.php

The part that throws me off though is that apache can NOT host this same file with:

# chown main:main index.php
# groups www
www main
#ls -la
-rwxrwx---  1 main  main     40 Jan 27 01:54 index.php

Isn't the user [www] in the group [main] so shouldn't that do the this file still be accessible on the web instead of throwing the error:

Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0

Fatal error: Unknown: Failed opening required '/www/site/main/public/index.php' (include_path='.:/usr/local/share/pear') in Unknown on line 0

Anyway my end goal was to keep user directories private from other users on the system...  I have looked at [chroot] and [freebsd jail] but I though I should be able to accomplish my needs with permissions...

Please advise...


----------



## mjguzik (Feb 3, 2009)

Apache doesn't use complete group list (probably just calls setgid instead of segtgroups), thus apache's process is only in the 'www' group.


----------



## vask (Feb 5, 2009)

I was able to make what I needed in my first post work by restarting the server...

I did not have to change any permissions from above.

Unfortunately I am still looking at other ways to secure my webhosted files... I will make a new post if I need help on this topic.


----------

