Nope. We have well over 2000 shell-account users. I think we'd see a
lynch mob if we turned it off now (I'd be at the front of the line as
a heavy user of my shell account :)
Rob
On Sun, Nov 21, 1999 at 10:16:46AM -0800, Edmund wrote:
> I don't allow shell access but I do allow FTP. I set up guestgroup
> in the /etc/ftpaccess to make it so that the user's home directory
> is their root. In other words, they can't go FTP above their own
> directory in the /home/~ directory. I then also set up the
> /etc/security/access.conf file to not allow anyone access to logins.
>
> This allows FTP access, but not the ability to move above their home
> directory and also doesn't allow them to use a shell account.
>
> Is this what you are looking for ?
>
> C'ya, Edmund [EMAIL PROTECTED]
>
> Rob Napier wrote:
>
> > On Tue, Nov 02, 1999 at 02:18:40AM +0100, Anthony E. Greene wrote:
> > > Peter Kiem wrote:
> > > > >Other users can still see the directory information for files in the $HOME
> > > > >directory if they already know the filename. I created a directory for my
> > > > >users that has permissions drwx------ so that only the owner can see the
> > > > >files.
> > > >
> > > > Well I tried that and Apache then cannot serve the public_html directory as
> > > > the user "nobody" doesn't have any access to $HOME. You get nothing but
> > > > "403 Access Forbidden" with those permissions 8(
> > > >
> > > > I thought the bare minimum permission for $HOME would be --x for "others"
> > > > cause they cannot read or write to that dir, but like you say they can
> > > > pass-through if they know the name, and hence get to the public_html dir and
> > > > nothing else.
> > >
> > > The 700 permission I described is not for public
> > > _html, but for the other directory that I created to protect user file.
> > > public_html must have at least 701 permission, as noted in the original
> > > post.
> >
> > I am currently in a similar situation. Apache requires that the user's
> > home directory be world executable and the public_html directory be
> > world readable. In my application, however, this is unacceptable,
> > since the user may have private files in his public_html directory
> > that are protected by a .htaccess file. Its not very useful to protect
> > them with a .htaccess file if any other user on the system can browse
> > through them with a chdir.
> >
> > Historically we solved this by writing our own apache module that
> > su:ed to 'user' whenever any file under in ~user/public_html was
> > accessed. This, however, is a pain to support (since we now want to
> > upgrade apache).
> >
> > I've looked at mod_suexec, but it only works for SSIs and CGIs. Does
> > anyone know of another solution, or are there ways to configure
> > mod_suexec to do this?
> >
> > Thanks,
> > Rob
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
