On Sun, Jan 14, 2007 at 11:22:13AM -0600, Christopher D. Clausen wrote:
> Davor Ocelic <[EMAIL PROTECTED]> wrote:
> > On Sat, Jan 13, 2007 at 04:56:39PM -0600, Christopher D. Clausen
> > wrote:
> >> Davor Ocelic <[EMAIL PROTECTED]> wrote:
> >> > On Fri, Jan 12, 2007 at 08:39:45AM -0800, Adam Chlipala wrote:
> >> >> Michael Olson wrote:
> >> >> > * apache2/mods-available/userdir.conf: Set AllowOverride to
> >> >> > none in users' public_html, as per old config.
> >> >>
> >> >> We may even want to only enable userdirs on mire, to keep all
> >> >> member web serving in one place. Any thoughts on this?
> >> >
> >> > This would be good.
> >>
> >> I'd like to be able to restrict certain portions of ~cclausen to
> >> specific people and/or IP addresses. I don't think allowing
> >> "AuthConfig" overrides would be a terrible security issue. If
> >> someone can think of such an instance, please let us know.
> >>
> >> Also, can I suggest simply getting rid of the public_html and setting
> >> the web space directly at ~/ ? This makes a lot more sense with AFS
> >> and it's what MIT does. That way users can use a "Public" and
> >> "Private" folder from there and don't have to keep a separate
> >> web-specific directory.
> >
> > Interesting. One problem I see with this is that our members who use
> > ~public_html/ do it because they want to serve the website to
> > visitors, not the contents of their home directory.
>
> Okay, so symlink the files or redirect them with Apache directives.
>
> > Another issue is, knowing that the contents of your home dir are
> > "shared", you would have to put anything you want to save in
> > Private/, which is another level down the tree.
>
> No, you wouldn't. I don't think you understand that "system:anyuser l"
> doesn't grant read access. It only grants the ability for anyone to
> view the file names in the directory. You need "r" access to be able to
> actually read the files.
>
> > And there's a potential issue of different .rc files with
> > improper permissions being open to the world for reading.
>
> No, this isn't true either. See above.

Right, I was thinking in terms of the usual filesystem, not AFS.
Well, then if folks have no objection to having the names of their
files visible, we can go this route.

-doc

>
> <<CDC
>
>
> _______________________________________________
> HCoop-SysAdmin mailing list
> [email protected]
> http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
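
The two AllowOverride settings discussed in this thread, side by side, as an added example that is not part of any message above and is not HCoop's configuration. It assumes Apache 2.4 authorization syntax; the directory path, realm name, password file location and address range are constructed placeholders.

```apache
# Constructed example: paths, realm and addresses are placeholders.
# Assumes mod_userdir is enabled and Apache 2.4 "Require" syntax.
UserDir public_html

# Setting described in the commit message: .htaccess files in a
# member's public_html are ignored entirely.
<Directory "/home/*/public_html">
    AllowOverride None
    Require all granted
</Directory>

# Alternative raised in the thread (use instead of the block above):
# members may set only authentication and authorization directives.
# Options, handlers, rewrites and other directive classes stay locked.
#<Directory "/home/*/public_html">
#    AllowOverride AuthConfig
#    Require all granted
#</Directory>

# What a member could then place in ~/public_html/private/.htaccess
# to require both a known user and a specific address range:
#   AuthType Basic
#   AuthName "private"
#   AuthUserFile "/home/member/.htpasswd"
#   <RequireAll>
#       Require valid-user
#       Require ip 192.0.2.0/24
#   </RequireAll>
# Keep the AuthUserFile outside public_html so it is never served.
```

On Apache 2.2, address restrictions use Order/Allow/Deny, which fall under the Limit override class rather than AuthConfig, so AuthConfig alone would permit per-user restrictions there but not per-IP ones.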
