I don't allow shell access but I do allow FTP. I set up guestgroup in the
/etc/ftpaccess to make it so that the user's home directory is their root. In other
words, they can't go FTP above their own directory in the /home/~ directory. I then
also set up the /etc/security/access.conf file to not allow anyone access to logins.
This allows FTP access, but not the ability to move above their home directory and
also doesn't allow them to use a shell account.
Is this what you are looking for ?
C'ya,
Edmund
[EMAIL PROTECTED]
Rob Napier wrote:
> On Tue, Nov 02, 1999 at 02:18:40AM +0100, Anthony E. Greene wrote:
> > Peter Kiem wrote:
> > > >Other users can still see the directory information for files in the $HOME
> > > >directory if they already know the filename. I created a directory for my
> > > >users that has permissions drwx------ so that only the owner can see the
> > > >files.
> > >
> > > Well I tried that and Apache then cannot serve the public_html directory as
> > > the user "nobody" doesn't have any access to $HOME. You get nothing but
> > > "403 Access Forbidden" with those permissions 8(
> > >
> > > I thought the bare minimum permission for $HOME would be --x for "others"
> > > cause they cannot read or write to that dir, but like you say they can
> > > pass-through if they know the name, and hence get to the public_html dir and
> > > nothing else.
> >
> > The 700 permission I described is not for public
> > _html, but for the other directory that I created to protect user file.
> > public_html must have at least 701 permission, as noted in the original
> > post.
>
> I am currently in a similar situation. Apache requires that the user's
> home directory be world executable and the public_html directory be
> world readable. In my application, however, this is unacceptable,
> since the user may have private files in his public_html directory
> that are protected by a .htaccess file. Its not very useful to protect
> them with a .htaccess file if any other user on the system can browse
> through them with a chdir.
>
> Historically we solved this by writing our own apache module that
> su:ed to 'user' whenever any file under in ~user/public_html was
> accessed. This, however, is a pain to support (since we now want to
> upgrade apache).
>
> I've looked at mod_suexec, but it only works for SSIs and CGIs. Does
> anyone know of another solution, or are there ways to configure
> mod_suexec to do this?
>
> Thanks,
> Rob
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
