I guess the difficulty is that home directories are not publicly executable in your environment.
You can put an access control list on all home directories that gives a particular user or group execution permission to the directory. The web server will then potentially be able to access any file in users' home directories, which may provide ways to escalate privileges (at least, this will broaden the impact of a local file access vulnerability). For example, under Solaris or Linux, make sure the home filesystem is mounted with the acl option, and run
setfacl -m user:www-data:x /home/*
(integrate that into your account creation setup). Then tell your users that their ~/public_html directory must be readable by the www-data user; they can run this command:
setfacl -R -m default:user:www-data:rx ~/public_html
setfacl -R -m user:www-data:rx ~/public_html
Another possibility is to mount all the users' public_html directories in a separate place on the filesystem. This approach has the advantage that the permissions on the home directories won't matter; it even allows the web server to run chrooted. Under Linux, you can do this for a home directory:
mount --bind /home/joe/public_html /srv/homepages/joe
The public_html directory and its contents still need to be made accessible to www-data.
A variant on the Linux bind mount method uses the bindfs filesystem. This method works on any OS that supports bindfs (which is most unices) and does not require any ACL settings, at the cost that any file under public_html will be made available for reading by the web server.
bindfs -u www-data -p 500 /home/joe/public_html /srv/homepages/joe
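
To gauge the exposure the ACL method creates, the following added example (not part of the original answer) lists the files outside public_html that become reachable once the web server can traverse a home directory. The function name `exposed_files` is hypothetical, and the check assumes the web server user is neither the owner nor in the owning group and has no named ACL entries below the home directory, so only the "other" permission bits apply.

```shell
#!/bin/sh
# Added example: list regular files under a home directory that the web
# server could read through the "other" permission class once it holds the
# traverse-only (x) ACL entry on the home directory itself.
#
# A file is reported when it is other-readable and every directory between
# the home directory and the file is other-executable. public_html is
# skipped because it is meant to be served.
#
# Assumptions: the web server user is not the file owner, is not in the
# owning group, and has no named ACL entries below the home directory.
exposed_files() {
    home=${1%/}
    # -mindepth 1 keeps the tests off the home directory itself, which is
    # typically mode 700 plus the ACL entry and must not be pruned.
    find "$home" -mindepth 1 \
        \( -path "$home/public_html" -o -type d ! -perm -0001 \) -prune \
        -o -type f -perm -0004 -print
}

# Usage: sh exposed_files.sh /home/*
for h in "$@"; do
    exposed_files "$h"
done
```

Files it reports can be tightened with chmod o-r, or the containing directory closed with chmod o-x, before the traverse ACL is applied.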