I have this folder structure:

    RootFolder
        Export
        Files
        Site
and want access to the files (source code) in Export and Site to be allowed only for a group of users in "priv_group" and not allowed for others, even for the server administrator (but other users should still be able to run the scripts in the Export and Site folders). The "Files" folder should be accessible to all.
I'm using an Apache server on Linux.
The only requirement that I want to achieve with this is that no non-"priv_group" user should be able to see or copy the source code.
I thought of doing this:
Apache process running as group: www-data
Group of users that should have access to source files: priv_group

    drwxrwx--- www-data priv_group Files/
    -rwx--x--- priv_group www-data Export/
    -rwx--x--- priv_group www-data Site/

Is this enough, and would it prevent access to website pages (in Site/) and to script files that should be run by other users (in Export/)?
Any advice on the setup I should do to achieve this?
Linux/Unix file permissions have three types of access: read, write and execute. You didn't specify which of these types of access you want the priv_group group to have. Restricting a server administrator is pointless as they have the ability to lift any restrictions. Directories and files are distinct and even if users have access to a directory, they can still be restricted from reading, writing and executing files in that directory (although they may be able to delete files if they have the write privilege on the directory). – Ladadadada – 2014-01-09T13:10:18.190
Linux privileges can get more complicated than this with extended attributes and SELinux/AppArmor/grc but a discussion of that doesn't belong in a comment requesting clarification. – Ladadadada – 2014-01-09T13:11:53.353
@Ladadadada Edited my question to add more details, sorry for not being clear, this is my first try with securing a webserver. – Mouna Cheikhna – 2014-01-09T13:40:15.903
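
The points raised in the first comment (directory and file bits are checked separately, write access on a directory allows deletion, the administrator is not restricted) can be modelled as below; this is an added example, not part of the original thread. Only the directory modes come from the question: the users `dev` and `alice`, the owner and group assigned to each path, and the file names and file modes are assumptions.

```python
import stat

BITS = {"r": 4, "w": 2, "x": 1}

def allowed(node, user, groups, want):
    """Classic Unix mode-bit check; ACLs, SELinux/AppArmor and the sticky bit are not modelled."""
    mode, owner, group = node
    if user == "root":
        # root passes every check except executing a regular file that has no x bit at all
        return "x" not in want or stat.S_ISDIR(mode) or bool(mode & 0o111)
    # Exactly one class applies: owner, else group, else other (no fall-through)
    shift = 6 if user == owner else 3 if group in groups else 0
    need = sum(BITS[c] for c in set(want))
    return ((mode >> shift) & need) == need

def can_list(d, user, groups):
    return allowed(d, user, groups, "r")

def can_read(d, f, user, groups):
    # Opening a file by name needs search (x) on the directory and r on the file
    return allowed(d, user, groups, "x") and allowed(f, user, groups, "r")

def can_delete(d, user, groups):
    # Unlinking depends only on the directory (w and x), not on the file's own mode
    return allowed(d, user, groups, "wx")

# Constructed layout: directory modes from the question, everything else assumed
SITE = (stat.S_IFDIR | 0o710, "dev", "www-data")           # rwx--x---
SITE_PHP = (stat.S_IFREG | 0o640, "dev", "www-data")       # hypothetical Site/index.php
FILES = (stat.S_IFDIR | 0o770, "www-data", "priv_group")   # rwxrwx---
UPLOAD = (stat.S_IFREG | 0o600, "www-data", "www-data")    # hypothetical Files/upload.bin

USERS = {"dev": {"priv_group"}, "www-data": {"www-data"},
         "alice": {"users"}, "root": {"root"}}

def report():
    """Per user: (list Site, read Site/index.php, read Files/upload.bin, delete in Files)."""
    return {user: (can_list(SITE, user, groups),
                   can_read(SITE, SITE_PHP, user, groups),
                   can_read(FILES, UPLOAD, user, groups),
                   can_delete(FILES, user, groups))
            for user, groups in USERS.items()}

if __name__ == "__main__":
    for user, row in report().items():
        print(f"{user:9} list Site={row[0]!s:5} read index.php={row[1]!s:5} "
              f"read upload.bin={row[2]!s:5} delete in Files={row[3]}")
```

In this model the `priv_group` member cannot read the upload in Files but can still delete it, and root passes every check.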