From owner-freebsd-questions Sat Dec 28 15:52: 4 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9327737B401 for ; Sat, 28 Dec 2002 15:52:03 -0800 (PST) Received: from glamredhel.hayholt.org (hayholt.org [195.18.102.142]) by mx1.FreeBSD.org (Postfix) with ESMTP id 00A0E43EC2 for ; Sat, 28 Dec 2002 15:52:03 -0800 (PST) (envelope-from marcel@hayholt.org) Received: from moredhel.hayholt.org (unknown [192.168.0.3]) by glamredhel.hayholt.org (Postfix) with ESMTP id 6AB8CAF11 for ; Sun, 29 Dec 2002 00:51:51 +0000 (WET) Date: Sun, 29 Dec 2002 00:52:00 +0100 (CET) From: Marcel Stangenberger To: questions@freebsd.org Subject: ftp security and apache access trouble Message-ID: <20021229004500.R72847-100000@moredhel.hayholt.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi all, I just found a little problem with my security and i hope you guys (and girls) can help me out. I'm running an apache webserver (1.3.27) and the default ftpd (from the inetd). To use the mod_userdir i need to give all dirs and files in /home//www 705 (rwx---r-x) and /home/ 701 (rwx-----x) for rights. if i don't do that apache cannot read the files in that directory. But if i do this it is also possible for users to login to the ftpd server en cd to another users www directory and download files. is there a way to prevent this? i prefer some way to insure that users cannot cd to other directory's outside of there homedir. Greetings, Marcel -- "I have often regretted my speech, never my silence." - Xenocrates (396-314 B.C.) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message