[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Users deleting public_html and log causing Apache to fail startup

--On Freitag, 5. Juli 2002 11:38 +1000 Jason Lim <maillist@jasonlim.com> wrote:

But won't "rmdir ." succeed if they are in the public_html directory?

rmdirs _below_ client1/site1/cgi-bin/ and client1/site1/htdocs/ would
all work.

rmdirs of client1/site1/htdocs/, or client1/site1/cgi-bin/ themselves
will not work as that requires modifying the parent directory
(client1/site1) for which the client has no write priviliges.

With that.... wouldn't the client be unable to mkdir client1/site1/testdir

Since client1/site1 is owned by root, and only client1/site1/cgi-bin and
client1/site1/htdocs are owned by the user, the user could only create
directories in those 2 directories, and anywhere else they cannot?

If that were true, that wouldn't be an optimal solution, because the
clients tend to also want to put stuff in directories not accessable by
the web at all.

I have a third fully accessible dir for them called "private", same
rights as htdocs and cgi-bin, but not configured in apache.
For the PHP safe mode conf, you might also include it in open_base_dir
etc. so customer's scripts can read/write in private.

Cheers, Marcel

To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: