0

after apache2 install, I added this user www-data to the group of personal account hosek.

root@hp:~# groups www-data 
www-data : www-data hosek
root@hp:~#

Group permissions to DocumentRoot folder are OK.

hosek@hp:/home$ ls -la
total 12
drwxr-xr-x  3 root  root  4096 kvě  1 23:13 .
drwxr-xr-x 20 root  root  4096 kvě  1 22:32 ..
drwxr-x--- 24 hosek hosek 4096 kvě  3 15:53 hosek
hosek@hp:/home$

But when I access site, it shows me Forbidden. Why?

Just note, when I set x for others on hosek folder, it works. But it should work in 1st case?

Thanks.

UPDATE

What is best practice in case you want website data in specific folder? About security related to /var/www/html/ via ssh, read level-up folders is possible, for example you can see files in /var or in /.

How can I restrict this browsing folder on level-up related to ssh connection? It is good practice? And really only this way? https://www.cyberciti.biz/faq/debian-ubuntu-restricting-ssh-user-session-to-a-directory-chrooted-jail/

Maybe some complete manual would be very useful?

Thank you.

Stanislav Hosek
  • 125
  • 2
  • 10
  • 1
    For security reasons I'm going to direct you to https://askubuntu.com/questions/767504/permissions-problems-with-var-www-html-and-my-own-home-directory-for-a-website/767534#767534 which explains how to not use your home directory for access to site data, etc. but not have things in your home dir. Not to plug my own answer, but it's safer to not run things in your home directory space and just give yourself permissions elsewhere to access your website files (in /var/www/ space for instance as my answer explains) – Thomas Ward May 03 '23 at 14:15
  • OK, in case I have all data in home folder (backup reason - because in past I forgot on /var/www/html/ folder due reinstallation and I lost actual website data), what is best practice? Create ln from home to /var/www/html? Thanks. – Stanislav Hosek May 03 '23 at 14:54
  • Did you Logout/Login after you made the changes to groups? Group membership is handled by login. – waltinator May 03 '23 at 19:05
  • Comments are designed for US to ask YOU questions about your Question. You should [Edit] your question to add information. By updating your Question, and using the formatting buttons, you make all the information available to new readers. People shouldn't have to read a long series of comments to get the whole story. AskUbuntu is a Question and Answer site, not a conversation site. If you have an update, [edit] your Question. If you have a new question, see [Ask]. – waltinator May 04 '23 at 13:55
  • @waltinator Yes, I did, same situation. – Stanislav Hosek May 04 '23 at 14:21

0 Answers0