0

This is what I did:

  1. CentOS 6.2 server
  2. installed nginx
  3. installed vsftpd
  4. in vsftpd.conf I set chroot_local_user=YES
  5. created a new user "bleh"
  6. created directory /home/bleh/public_html/
  7. in virtual.conf I set location / { root to /home/bleh/public_html/
  8. and finally did chmod 755 /home/bleh/

Is this safe? Is this acceptable?

I ran into all sorts of permission problems when I tried to use /var/www/ as root. The above worked and the server is delivery data.

Improve this question

1 Answer 1

Reset to default
0

That may be bad security for a few reasons.

  1. If /var or /var/www is on its own partition, it may have been mounted with special restrictions. For example, it may have been mounted with options such as noexec or nosuid. /home might not have these restrictions.

  2. In many cases, the directory from which you are hosting your website should not be world-readable. You should generally make your content only readable by its owner and group. Your webserver should be run as a user that can read those files.

  3. Mixing server data in with user data might lead to the accidental hosting of sensitive data. For example, you might accidentally host the user blah's data.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.