Date: Sun, 29 Dec 2002 00:52:00 +0100 (CET) From: Marcel Stangenberger <marcel@hayholt.org> To: questions@freebsd.org Subject: ftp security and apache access trouble Message-ID: <20021229004500.R72847-100000@moredhel.hayholt.org>
next in thread | raw e-mail | index | archive | help
Hi all,
I just found a little problem with my security and i hope you guys (and
girls) can help me out.
I'm running an apache webserver (1.3.27) and the default ftpd (from the
inetd).
To use the mod_userdir i need to give all dirs and files in
/home/<username>/www 705 (rwx---r-x) and /home/<username> 701 (rwx-----x)
for rights.
if i don't do that apache cannot read the files in that directory.
But if i do this it is also possible for users to login to the ftpd server
en cd to another users www directory and download files.
is there a way to prevent this?
i prefer some way to insure that users cannot cd to other directory's
outside of there homedir.
Greetings,
Marcel
--
"I have often regretted my speech, never my silence."
- Xenocrates (396-314 B.C.)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021229004500.R72847-100000>