So, for my clients who have sites hosted on my server, I create user accounts, with standard home folders inside /home.
I set up an SSH jail for all the collective users, because I really am against using a separate FTP server. Then, I installed ACL and added acl to my /etc/fstab — all good.
- I cd into /home and chmod 700 ./*.
- At this point users cannot see into other users' home directories (yay), but apache can't see them either (boo).
- I ran setfacl u:www-data:rx ./*. I also tried individual directories.
- Now apache can see the sites again, but so can all the users. ACL changed the permissions of the home folders to 750.
How do I set up ACLs so that 1. Apache can see the sites hosted in users' home folders AND 2. users can't see outside their home and into others' files?
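
An added example, not part of the original post: a Python model of the acl(5) access check for a home directory after the chmod 700 and setfacl steps listed above, showing where the reported 750 comes from and which entry decides access for each user. The users alice and bob, their group memberships, and the -m form of the setfacl command are assumptions.

```python
# Model of the acl(5) access check; alice, bob and their groups are constructed sample data.
from dataclasses import dataclass, field

R, X = 4, 1

@dataclass
class Acl:
    owner: str
    group: str
    user_obj: int
    group_obj: int
    other: int
    named_users: dict = field(default_factory=dict)
    named_groups: dict = field(default_factory=dict)

    def mask(self):
        """Mask as setfacl -m recomputes it: union of owning-group and named entries."""
        extra = [*self.named_users.values(), *self.named_groups.values()]
        if not extra:
            return None  # minimal ACL, no mask entry
        m = self.group_obj
        for p in extra:
            m |= p
        return m

    def mode(self):
        """Mode as ls/stat show it: the group digit is the mask when one exists."""
        m = self.mask()
        return f"{self.user_obj}{self.group_obj if m is None else m}{self.other}"

    def allows(self, user, groups, want):
        """Entry selection order from acl(5): owner, named user, groups, other."""
        m = self.mask()
        cap = 7 if m is None else m
        if user == self.owner:
            return (self.user_obj & want) == want
        if user in self.named_users:
            return (self.named_users[user] & cap & want) == want
        matched = [self.group_obj] if self.group in groups else []
        matched += [p for g, p in self.named_groups.items() if g in groups]
        if matched:
            return any((p & cap & want) == want for p in matched)
        return (self.other & want) == want

home = Acl("alice", "alice", 7, 0, 0)   # state after chmod 700
home.named_users["www-data"] = R | X    # setfacl -m u:www-data:rx (-m is assumed)

def report(want=R | X):
    cases = [("www-data", {"www-data"}), ("bob", {"bob"}), ("bob", {"bob", "alice"})]
    return home.mode(), [home.allows(u, g, want) for u, g in cases]
```

report() returns the mode string followed by the read+execute result for www-data, for bob, and for bob as a member of group alice.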