On 13-08-18 09:40, Lars Noodén wrote: > On 08/13/2018 10:36 AM, info at smallinnovations dot nl wrote: >> On 13-08-18 09:31, Lars Noodén wrote: >> >> <snip> >> I worked the other way, Apache is able to work with symlinks. I only >> needed to make www-data member of the users group. > Eek. Think instead 'least privilege' That would be one situation where > adding an ACL would work. That would avoid giving away (potentially) > all the user's files to the web server. > > /Lars
It is not really different from allowing user access to /var/www/html/website. When a user puts all his user's files there (s)he give away (potentially) all the files to the webserver too. Grtz Nick
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng