> > > I am currently in a similar situation. Apache requires that the user's
> > > home directory be world executable and the public_html directory be
> > > world readable. In my application, however, this is unacceptable,
> > > since the user may have private files in his public_html directory
> > > that are protected by a .htaccess file. Its not very useful to protect
> > > them with a .htaccess file if any other user on the system can browse
> > > through them with a chdir.
By my reading of the UserDir directive documentation at Apache.org, You
could set the user's web space to a directory that is NOT in their home directory.
This won't protect files located in the web space, but it allows you to set
very restrictive permissions on the user homes, while setting just the web space
to world read/execute. You could use links to make it look like the web space
is still in ~user/public_html, but that might break some dynamic content.
Something like this:
User bob has his home dir:
drwxr-x--- bob bob /home/bob
and his web space:
drwxr-xr-x bob bob /web/bob
and there is a link from /home/bob/public_html to /web/bob.
and the httpd.conf has a line like this:
UserDir /web/*
Apache gurus should comment, as there may be other issues at stake here.
The user just chooses to store private files in /home/bob, and access them via
carefully audited setGID cgi's.
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
