User perms and virtual hosts under linux/apache

2025-04-14

hi, im a newb to hosting but not to linux/apache. but i have a very newbie permissions question regarding apache virtual hosts controlled by various user accounts -- namely, what set of user perms do i set up so that APACHE can read and execute users' websites, but that OTHER USERS cant see other people's stuff.

im suffering serious brainfart on this.

For example: my apache process runs as 'nobody'. so if i have a user frank, and frank wants to run a website, and frank doesnt want any other users to have access to his stuff, whats the best way of setting that up?

i suppose i could stick his htmlroot in his homedir, and give him his very own apache instance that runs as 'frank/frank', but that creates a big mess for me, the system admin. not very scale-able. and id probably have to have it listen on a nonstandard port (cuz ive already got an apache listening on port 80) and make a reverse proxy to fwd to the nonstandard port and i am WAY too lazy for that. :-)

my only other idea is to set read and execute perms for group 'nobody' on frank's homedir, and stick frank's htmlroot in there. im assuming that would give apache the perms that it needs to serve the site, while at the sametime saving preserving poor little frank's privacy, so long as noone gets group 'nobody'...

anyways, im wonder how do 'real' linux webhosts do it?

i dont have webmin, usermin, plesk, cpanel, whatever. its all command line, baby.

any advice much appreciated!