I have php apps on a container on linux based image. That apps have to be public access (007 at least) to work properly. I am trying to create an user (inside container) with a script and give softlink related projects located under /var/www to that user's home directory. That user should read-write-exec only projects that has owned(i set with chown).
I managed that permission like that:
Set all folder's owner as root
Set permission all folder to 500 (r-x------)
Create a user(i took that name with an python script).
Set related folders owner as the created owner.
Run softlink command as created user. Softlink source location is /var/www target location /home/created-user.
With that settings user can only see its projects directory. However my php app not working anymore because of lack of public permission. To do that i have to set the permission at least 007. But this time other users can rwx that related directory.
I tried 770 still apps not working.
My question is how can I restrict a public folder from a specific user or for reader of . that question
D you know any other way?
Unix permissions are designed to allow this, but with some limitations (leveraged by ACLs which we don't need here).
Each file/directory has an owner
and a group
, and we can use that to our advantage.
In your case you want all rights for one user, reading rights for your webserver and nothing for the rest of the users.
You can achieve that with 750
(rwxr-x---
) but you need to change the group of the directory to your webservice's group.
Example:
chgrp -R apache /var/www
chmod -R 750 /var/www