
TL;DR: How can I enable mod_userdir in a secure way? (Meaning: each user should be able to create and serve their content in ~/public_html, but they shouldn't be allowed to read each other's content, neither directly (cat /home/userX/public_html/file) nor through PHP functions (file_get_contents('/home/userX/public_html/file')).)

Details: I have configured Apache with mod_userdir to offer my users the option to serve their content by dropping files in their ~/public_html folder. In order to protect file access and to prevent any user from reading others' files, I have configured the following permissions:

/home/userA user.user drwx--x--x (711)  
/home/userA/public_html  user.user drwxrwx--x  (771)

I have added www-data to each user's group: usermod -a -G user www-data (it could also work by creating a group and adding all users, including www-data, to it).

All the configuration works as expected. Any user can access their content from https://server/~user and they can't read any other users' files:

userA@ubuntu:/home$ cat userB/public_html/index.php 
cat: userB/public_html/index.php: Permission denied

So far, so good. But the problem is that, as Apache is running as www-data and it has group-access to any file inside /home/*, any user can create a PHP file to read others' content using functions like exec, system, file_get_contents, etc.

I know that I can disable such functions by adding them to the disable_functions block in php.ini, but I see this as a patch, not a solution. So it seems to me that there should be another, more secure way of configuring this userdir-enabled Apache configuration. I have searched for a way to do this properly but haven't found a proper solution.

Juanan
  • Maybe it's worth moving this question to the Information Security forum? https://security.stackexchange.com/ – Alex Sep 27 '21 at 07:07
  • Agree. I don't know if I can move the question myself, or should I have more reputation points in order to do that? – Juanan Sep 27 '21 at 12:47
  • If you think it's a good idea, flag your post as described here: https://meta.stackexchange.com/questions/184657/how-do-i-transfer-this-question-asked-on-stack-overflow-to-the-math-stack-exchan – Alex Sep 27 '21 at 17:37
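
The permission layout described in the question, modelled as an added example that is not part of the original post: it applies the POSIX owner/group/other check to the 711/771 directories and shows why a shell user is denied while any code running as www-data is not. The file mode 0o640 and the `Node`, `Proc`, `layout` and `report` names are assumptions made for the illustration; ACLs and root are not modelled.

```python
# Added example: simplified model of the POSIX owner/group/other check.
# Accounts and modes are constructed from the layout described in the question.
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    owner: str
    group: str
    mode: int  # permission bits, e.g. 0o771

@dataclass(frozen=True)
class Proc:
    user: str
    groups: frozenset

def perm_bits(proc, node):
    """Return the rwx triplet that applies: owner class, else group, else other."""
    if proc.user == node.owner:
        return (node.mode >> 6) & 7
    if node.group in proc.groups:
        return (node.mode >> 3) & 7
    return node.mode & 7

def can_read_file(proc, dirs, file_node):
    """Search (x) is needed on every directory in the path, then read (r) on the file."""
    return all(perm_bits(proc, d) & 1 for d in dirs) and bool(perm_bits(proc, file_node) & 4)

def layout(user, file_mode=0o640):
    # /home/<user> is 711 and /home/<user>/public_html is 771, as in the question.
    # file_mode is an assumption: the question does not state the file's mode.
    home = Node(user, user, 0o711)
    pub = Node(user, user, 0o771)
    return [home, pub], Node(user, user, file_mode)

user_a = Proc("userA", frozenset({"userA"}))
# Apache worker: www-data was added to every user's group with usermod -a -G.
www_data = Proc("www-data", frozenset({"www-data", "userA", "userB"}))

def report():
    dirs_b, file_b = layout("userB")
    return {
        "userA shell -> userB file": can_read_file(user_a, dirs_b, file_b),
        "PHP as www-data -> userB file": can_read_file(www_data, dirs_b, file_b),
    }

if __name__ == "__main__":
    for who, ok in report().items():
        print(f"{who}: {'allowed' if ok else 'Permission denied'}")
```

The kernel only sees the identity of the process, so a script uploaded by userA and executed inside the www-data worker gets the second result, not the first.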

0 Answers