Date: Wed, 11 Feb 2009 20:05:53 +0100 From: Roland Smith <rsmith@xs4all.nl> To: Keith Palmer <keith@academickeys.com> Cc: freebsd-questions@freebsd.org Subject: Re: Restricting users to their own home directories / not letting users view other users files...? Message-ID: <20090211190553.GB41237@slackbox.xs4all.nl> In-Reply-To: <65534.12.68.55.226.1234377513.squirrel@www.academickeys.com> References: <53134.12.68.55.226.1234369337.squirrel@www.academickeys.com> <20090211181843.GA41237@slackbox.xs4all.nl> <65534.12.68.55.226.1234377513.squirrel@www.academickeys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--oC1+HKm2/end4ao3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Feb 11, 2009 at 01:38:33PM -0500, Keith Palmer wrote: >=20 > ... really? Write a script to copy the user's files over on a schedule...? >=20 > I can see where that might be an option for some people, but that's > entirely not an option in this case. I'd have to schedule it to run every > 5 seconds or something to keep users from getting upset. Cron has a granularity of one minute. Otherwise you can write a simple script that calls rsync(1) every five seconds. At my ISP I can upload my website to my home directory, and then I have to execute a command to make my updates accessible from the outside. You could do something like that as well. > What if I symlinked each home user's public_html directory to a directory > readable only by Apache? Would Apache be able to read the destination > directory via the symlink, even if it doesn't have permission to access > the destination directory? Nope. You can't even make the symlink as a normal user: ($ =3D normal user, # =3D root) $ ls -ld /var/heimdal drwx------ 2 root wheel 512 Feb 11 19:45 /var/heimdal/ # fortune >/var/heimdal/foo $ ls -s /var/heimdal/foo foo ls: /var/heimdal/foo: Permission denied You can make the link as root, but you still can't use it: # ln -s /var/heimdal/foo foo # ll foo lrwxr-xr-x 1 root rsmith 16 Feb 11 19:50 foo@ -> /var/heimdal/foo =20 $ cat foo=20 cat: foo: Permission denied > Is there really no better way to do this...?!? - Try access control lists to give group WWW access (as mentioned). - Let them upload via FTP (I think most HTML editors support this). - Depending on the user's content you could make blogs of their sites? That way they can edit via the browser or their favorite blog posting software.=20 Roland --=20 R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) --oC1+HKm2/end4ao3 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.10 (FreeBSD) iEYEARECAAYFAkmTIZEACgkQEnfvsMMhpyUbvgCeI9B+7RFS+SpExaoOb6Wr61vy M+AAn10FDD3XlEDDT0jaIrcb1ooHQ4y0 =f5vq -----END PGP SIGNATURE----- --oC1+HKm2/end4ao3--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090211190553.GB41237>