On Tue, Nov 02, 1999 at 02:18:40AM +0100, Anthony E. Greene wrote:
> Peter Kiem wrote:
> > >Other users can still see the directory information for files in the $HOME
> > >directory if they already know the filename. I created a directory for my
> > >users that has permissions drwx------ so that only the owner can see the
> > >files.
> >
> > Well I tried that and Apache then cannot serve the public_html directory as
> > the user "nobody" doesn't have any access to $HOME. You get nothing but
> > "403 Access Forbidden" with those permissions 8(
> >
> > I thought the bare minimum permission for $HOME would be --x for "others"
> > cause they cannot read or write to that dir, but like you say they can
> > pass-through if they know the name, and hence get to the public_html dir and
> > nothing else.
>
> The 700 permission I described is not for public
> _html, but for the other directory that I created to protect user file.
> public_html must have at least 701 permission, as noted in the original
> post.
I am currently in a similar situation. Apache requires that the user's
home directory be world executable and the public_html directory be
world readable. In my application, however, this is unacceptable,
since the user may have private files in his public_html directory
that are protected by a .htaccess file. Its not very useful to protect
them with a .htaccess file if any other user on the system can browse
through them with a chdir.
Historically we solved this by writing our own apache module that
su:ed to 'user' whenever any file under in ~user/public_html was
accessed. This, however, is a pain to support (since we now want to
upgrade apache).
I've looked at mod_suexec, but it only works for SSIs and CGIs. Does
anyone know of another solution, or are there ways to configure
mod_suexec to do this?
Thanks,
Rob
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
