LSG

Reputation: 61

restrict access to virtualhost

I have 3 simple virtual hosts:

<VirtualHost *:80>
  DocumentRoot /var/www/example1.com/public_html
</VirtualHost>

<VirtualHost *:80>
  DocumentRoot /var/www/example2.com/public_html
</VirtualHost>

<VirtualHost *:80>
  DocumentRoot /var/www/example1-example2-log.com/public_html
</VirtualHost>

Well, my question is, how do I set this up:

Example1.com and example2.com can write, include, and require to example1-example2-log and their own directory, but can't write, include, or require each other's directories.

Upvotes: 0

Views: 62

Answers (1)

Nic3500

Reputation: 8621

Once you add ServerName directives, you could do this, under your /var/www directory:

-rwxr-x---     u1:g1       /var/www/example1.com
-rwxr-x---     u2:g2       /var/www/example2.com
-rwxrwx---  httpd:httpd    /var/www/example1-example2-log.com

  • Create a u1 user and g1 group.
  • Create a u2 user and g2 group.
  • Make user httpd a member of g1 and g2 groups.
  • Make users u1 and u2 members of group httpd

This way:

  • u1: can access example1.com (u1 is owner == rwx)
  • u1: can access example1-example2-log.com completely (group httpd == rwx)
  • u1: cannot access example2.com (others = ---)
  • u2: can access example2.com (u2 is owner == rwx)
  • u2: can access example1-example2-log.com completely (group httpd == rwx)
  • u2: cannot access example1.com (others = ---)
  • The httpd user can access all directories (groups g1 and g2 == r-x, group httpd = rwx)

In other terms:

  • only u1 can fully access his files
  • only u2 can fully access his files
  • httpd can read all files (required since Apache needs to be able to read files to serve them to clients)
  • u1 and u2 can fully access httpd's files.
  • but u1 cannot access u2's files (vice-versa)

Upvotes: 1
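The access matrix from the answer above can be checked with a small model of the POSIX owner/group/other rule. This is an added example, not code from the answer; it assumes example2.com is owned by u2:g2 as the bullet list describes, that each site user's own group is its primary group, and the helper names (`access`, `leaks`) are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    owner: str
    group: str
    mode: int  # octal permission bits, e.g. 0o750

# Layout from the answer (assumption: example2.com's group is g2).
DIRS = {
    "example1.com": Entry("u1", "g1", 0o750),
    "example2.com": Entry("u2", "g2", 0o750),
    "example1-example2-log.com": Entry("httpd", "httpd", 0o770),
}
# Assumed memberships: own group plus the supplementary groups from the answer.
GROUPS = {
    "u1": {"g1", "httpd"},
    "u2": {"g2", "httpd"},
    "httpd": {"httpd", "g1", "g2"},
}

def access(user: str, entry: Entry) -> str:
    """rwx string applied to `user`; root, ACLs and parent directories ignored."""
    if user == entry.owner:
        bits = entry.mode >> 6   # owner class is used first and exclusively
    elif entry.group in GROUPS[user]:
        bits = entry.mode >> 3   # group class
    else:
        bits = entry.mode        # other class
    bits &= 0o7
    return "".join(c if bits & (4 >> i) else "-" for i, c in enumerate("rwx"))

def leaks(dirs: dict) -> list:
    """Site users holding any permission on the other site's directory."""
    pairs = [("u1", "example2.com"), ("u2", "example1.com")]
    return [(u, d) for u, d in pairs if access(u, dirs[d]) != "---"]

if __name__ == "__main__":
    for user in GROUPS:
        for name, entry in DIRS.items():
            print(f"{user:6} {name:28} {access(user, entry)}")
    print("cross-site leaks:", leaks(DIRS))
    # Failure mode: group of example2.com set to g1 instead of g2.
    wrong = dict(DIRS, **{"example2.com": Entry("u2", "g1", 0o750)})
    print("with u2:g1:", leaks(wrong))
```

The httpd row is the one that applies to anything executed under the web server's account, so read it alongside the u1 and u2 rows.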
