httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Stephenson" <PStephen...@ficgroup.com>
Subject RE: Protect directory
Date Thu, 21 Feb 2002 20:16:41 GMT
If this is done on a linux or unix platform here is how I did it, and everyone can tell me
if it is not secure.

I run the apache as user=www and group=webgroup, therefore if I make every user that will
be hosting pages, I can set the UID of the the person's folder to their UID, and I set the
user's GID in the /etc/passwd file to 'webgroup', and then I do a chmod -R o-x on the user's
directory. 

So in summary here is what you have:

drwxr-x--- This means that only the folders user can read, write, and execute, but the group
that is running apache has permission to read and execute.  What this means is that multiple
people can log onto your ftp site, see that there are other sites around, but they can't even
do an 'ls' on any of the directories (except for the one they own).

The key thing here is making sure that you have the /etc/passwd file and /etc/group and /path/to/httpd.conf
(for the user and group that runs apache).

Would appreciate any comments or if I am all fudged up.

Paul

-----Original Message-----
From: Fernando Reuter Wendt [mailto:fernando@admijui.unijui.tche.br] 
Sent: Thursday, February 21, 2002 12:20 PM
To: apacheUsersList (E-mail)
Subject: Protect directory

Hi,

how can i protect a directory, to make impossible to users get, view or list
what´s inside it? Sample: if i have one directory called ssfiles, on the
htdocs root, what i must do to make it not accessible to users view when
link to http://www.site.com/ssfiles , and also redirect them to another
link, like the index one (http://www.site.com)?

Thank you,

+-------------------------
 Fernando A. R. Wendt
 Webmaster UNIJUÍ
 http://www.unijui.tche.br
-------------------------+
 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message