How do I make files and folders inaccessible to the public on a webserver?

[Peter Olcott]

How do I make files and folders inaccessible to the public
on a webserver?

I want to allow execute access to a specific webservice, but
deny all other access to everything else.

[Joe Pfeiffer]

"Peter Olcott" <NoS...@SeeScreen.com> writes:

All access? Don't put the files on the server.

If you want limited access, look up .htaccess

There are many possibilities in between.
--
As we enjoy great advantages from the inventions of others, we should
be glad of an opportunity to serve others by any invention of ours;
and this we should do freely and generously. (Benjamin Franklin)

[Unruh]

"Peter Olcott" <NoS...@SeeScreen.com> writes:

>How do I make files and folders inaccessible to the public
>on a webserver?

By installing passwords?
By installing a firewall which allows port 80 access only to the desired
webservice?

>I want to allow execute access to a specific webservice, but
>deny all other access to everything else.

Execute?

[Aragorn]

On Saturday 07 November 2009 15:12 in comp.os.linux.security, somebody
identifying as Peter Olcott wrote...

(1) Make sure Apache - I am assuming Apache as the webserver; substitute
by whatever webserver you are running - is not running with root
privileges and that it does not have read access to the files.

(2) Use the ".htaccess" file and/or implement Access Control Lists.

--
*Aragorn*
(registered GNU/Linux user #223157)

[Nico Kadel-Garcia]

Aragorn, that would work fine for an individual on a shared user. But
many Apache servers disable or limit the use of public_html and
of .htaccess, in order to prevent personal material in $HOME/
public_html from being reconfigured to allow symlinks out of it and to
prevent running insecure binary tools there (such as bad PHP scripts
that provide download access). So, alternatively, one sets the
"DocumentRoot" and "Directory" settings in /etc/httpd/conf/httpd.conf
or /etc/httpd/conf.d/[webservice].conf to limit access to a target
directory.

For many Apache servers, this is done by default for a target
directory called /var/www/html/. Simply put the material there, double
check the settings to avoid following symlinks elsewhere, and that
material should show up very nicely on your website.

Peter, what OS's version of Apache and what service, exactly, are you
trying to provide?

[Peter Olcott]

Fedora 10 or 11 and a recent version of Apache.

"Nico Kadel-Garcia" <nka...@gmail.com> wrote in message
news:2a5a4457-cd91-4f12...@d21g2000yqn.googlegroups.com...

[Nico Kadel-Garcia]

On Nov 7, 11:07 pm, "Peter Olcott" <NoS...@SeeScreen.com> wrote:
> Fedora 10 or 11 and a recent version of Apache.
>
> "Nico Kadel-Garcia" <nka...@gmail.com> wrote in message

Cool. The Apache package was renamed "httpd" for various reasons some
years back, at least in Fedora and RHEL releases, and expects its web
materials in /var/www/html/. The user home directory for $HOME/
public_html is disabled by default: the basic configuration file is
at /etc/httpd/conf/httpd.conf and this file also reads any additional
files you add into /etc/httpd/conf.d/*.conf, which is used for little
add-ons like the mod_perl or mod_ssl utilities.

There's also that weird "welcome.conf" file that gives you a default
"You're running Apache!" page if you don't have a file called /var/www/
html/index.html.

[Wanna-Be Sys Admin]

Peter Olcott wrote:

Controlling "public access" over http, ftp, shell, or, or all of them?
Who/what do you need to allow access to view or execute said
filers/programs?
--
Not really a wanna-be, but I don't know everything.