# /home/username/public_html permissions

## ClippyHater

Ok, I finally discovered what I had to do to get http://localhost/~username to work!  Turns out that apache not only needs read permission on /public_html, but also its parent directory, /username.  Now, this seems quite odd to me.. In order for apache to have read access, you need to give at least r for others...  I'm pretty sure users don't want all non-root users to have read capability on their home directories, which is what you need to do to get ~username to work.  Is there a solution that will give users some privacy on their /home/username directories?  Has anyone thought about this or figured it out?

----------

## pYrania

are you sure you setup right permissions in httpd.conf?

----------

## Caffeine

Good to see you got it sorted. 

Granting read permissions for group and others on your home directory means group and others can see the content of your home directory. Ie, a directory listing of /home/username will list the files in there. However, if they files themselves don't have read permission for group and other, then they can't be read. Ie, group and other can't look inside the files. 

If you don't want people snooping about, make sure you only place directories in your home directory. These sub-directories should then have no group/other read/write/execute permission. So, put all your mp3's in /home/user/mp3. That way anyone can see you have a directory called mp3, but they can't look inside it.

Make sense?

----------

## ClippyHater

Yup, that makes sense.  I was even thinking of having /public_html, and under that /htdocs.  Maybe that would alleviate my /home/username directory from having any special access at all... Not sure if it'll work, but might try that option first.

----------

## Caffeine

When you type http://localhost/~username apache looks in /etc/password for your home directory, then adds public_html to the end of that. Adding a htdocs directory to the public_html directory won't help. ( Your use of / at the start of directory names is a bit confusing, as that normal suggests the directory is in / . It's probably just me though.   :Smile:   )  

So, did I understand that you want to put your web pages in /home/username/public_html/htdocs/ ? From my understanding, every directory in that chain will need read/execute permissions. But I'm sure your well on the way to figuring this out yourself.   :Wink: 

----------

## ClippyHater

Caffeine:

You're right.  Just tried to get around /home/username having excessive permissions by placing an /htdocs in /public_html and reducing permissions on /home/username.  Doesn't work.  As you said, all directories leading up to /public_html need access for non-user/non-group.  Oh well.  I'll just make sure all files/directories only have rwx------ for user that have nothing to do with public_html.  That should work fine  :Smile: 

----------

## Futt

You don't have to give everyone read permissions to your home directory, only execute. Since Apache already knows what subdirectory to look for it doesn't need read permissions. IIRC; "read" permissions give users the right to list the contents of the directory. Execute only gives them the right to enter the directory, but not browse it. This works fine for Apache. So the permissions should be set as follows:

```

/home/username               rwx-----x

/home/username/public_html   rwx---r-x

```

Then, of course, you need to add "UserDir public_html" to httpd.conf (or uncomment it if it's commented)

----------

## splooge

I haven't used it yet myself, but I heard about something called SUEXEC that will allow apache to act as a certain user(s?) instead of 'nobody', this way you can chmod your files back to 700 instead of 701.

----------

## ClippyHater

Futt:

   Just what I was looking for, thanks a ton!

splooge:

   Right now I'm just too uncomfortable with my knowledge of permissions and how things should be set to mess around with SUEXEC just yet.  Maybe after a few months I'll be ready to change the defaults of apache, but right now, I'm just happy that things are almost completely finally working  :Very Happy:   Thanks for the info, though!

----------

