Going half way between paranoid and owner mode
I started using suPHP recently and I just can't get my permissions setup
I am using suPHP along with DBD MySQL, which allows me to store my users
and Apache virtual hosts into a MySQL database.
The server's contents have the following permissions :
x--- someuser www-data /home/users/someuser/
-rw- r----- someuser www-data /home/users/someuser/index.php
- "someuser" is a UNIX user stored in the MySQL database (link is made
through libnss-mysql and pam-mysql).
- "someuser" belongs to the "users" group. His home is
- "someuser" and his scripts must not be able to access other homes in
Now, I am trying to use suPHP to remove the "www-data" group ownership
from the PHP scripts upon execution, but I need to keep the user ownership.
That is, in the above example, index.php should be executed as
someuser:users instead of www-data:www-data.
- Owner mode allows me to set execution ownership to someuser:www-data,
which isn't quite it since I don't want the group to be www-data.
- Paranoid mode requires me to set a static user AND group name, which
I can't do (all homes are handled by the same virtual host
configuration, which queries the database for each request).
I'd like to know if suPHP offered a way to use owner mode for the user,
but paranoid mode for the group.
Basically, I'd like something similar to :
in owner mode (yet, this parameter does not exist).
I've been thinking about this setup for a while, and I just can't find a
correct configuration use both suPHP and DBD MySQL together, while
separating all homes from each other.
Am I missing something here, or is there a simpler setup I didn't think
Thanks in advance!