Restricting users to their own home directories / not letting users view other users files...?
Roland Smith
rsmith at xs4all.nl
Wed Feb 11 11:05:58 PST 2009
On Wed, Feb 11, 2009 at 01:38:33PM -0500, Keith Palmer wrote:
>
> ... really? Write a script to copy the user's files over on a schedule...?
>
> I can see where that might be an option for some people, but that's
> entirely not an option in this case. I'd have to schedule it to run every
> 5 seconds or something to keep users from getting upset.

Cron has a granularity of one minute. Otherwise you can write a simple
script that calls rsync(1) every five seconds.

At my ISP I can upload my website to my home directory, and then I have
to execute a command to make my updates accessible from the outside. You
could do something like that as well.

> What if I symlinked each home user's public_html directory to a directory
> readable only by Apache? Would Apache be able to read the destination
> directory via the symlink, even if it doesn't have permission to access
> the destination directory?

Nope. You can't even make the symlink as a normal user:
($ = normal user, # = root)

$ ls -ld /var/heimdal
drwx------ 2 root wheel 512 Feb 11 19:45 /var/heimdal/
# fortune >/var/heimdal/foo
$ ls -s /var/heimdal/foo foo
ls: /var/heimdal/foo: Permission denied

You can make the link as root, but you still can't use it:

# ln -s /var/heimdal/foo foo
# ll foo
lrwxr-xr-x 1 root rsmith 16 Feb 11 19:50 foo@ -> /var/heimdal/foo
$ cat foo
cat: foo: Permission denied

> Is there really no better way to do this...?!?

- Try access control lists to give group WWW access (as mentioned).
- Let them upload via FTP (I think most HTML editors support this).
- Depending on the user's content you could make blogs of their sites?
  That way they can edit via the browser or their favorite blog posting
  software.

Roland
--
R.F.Smith http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
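
The symlink result shown in the message above, as an added example that is not part of the original post: opening a path through a symlink still requires search (x) permission on every directory of the resolved target, so a link into a 0700 directory is unusable for other users. The function names and the temporary directory tree are constructed for illustration, and the check covers only classic mode bits on the target's directories, not ACLs.

```python
import os
import stat
import tempfile

def can_search(st, uid, gids):
    """Classic Unix mode-bit test for search (x) permission; ACLs are ignored."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def blocking_dirs(path, uid, gids):
    """Directories on the symlink-resolved path that `uid` cannot search."""
    real = os.path.realpath(path)  # follow symlinks, as path lookup does
    blockers = []
    d = os.path.dirname(real)
    while True:
        if not can_search(os.stat(d), uid, gids):
            blockers.append(d)
        parent = os.path.dirname(d)
        if parent == d:  # reached "/"
            break
        d = parent
    return blockers[::-1]

def build_demo_tree():
    """Constructed sample: a 0700 directory and a symlink pointing into it."""
    base = os.path.realpath(tempfile.mkdtemp())
    os.chmod(base, 0o755)
    private = os.path.join(base, "private")
    home = os.path.join(base, "home")
    os.mkdir(private, 0o700)
    os.mkdir(home)
    os.chmod(home, 0o755)  # explicit chmod so the umask does not matter
    with open(os.path.join(private, "foo"), "w") as fh:
        fh.write("fortune\n")
    link = os.path.join(home, "foo")
    os.symlink(os.path.join(private, "foo"), link)
    return private, link

if __name__ == "__main__":
    private, link = build_demo_tree()
    other_uid = os.stat(private).st_uid + 1  # hypothetical second user
    print("blocked at:", blocking_dirs(link, other_uid, set()))
```

Running it against a real public_html path with the web server's uid and group ids shows which directory mode would have to change for the server to reach the files.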