From: Ray Olszewski <ray@comarre.com>
To: linux-newbie@vger.kernel.org
Subject: Re: keeping legitimate users out of public_html
Date: Wed, 15 Sep 2004 10:14:11 -0700 [thread overview]
Message-ID: <5.1.0.14.1.20040915100132.01f29c78@celine> (raw)
In-Reply-To: <fc.004c4e00006307dc004c4e00006307dc.6308bf@palmertrinity.o rg>
At 08:15 AM 9/15/2004 -0400, William Stanard wrote:
>I help students manage a school intranet website on a machine running Red
>Hat 2.4.18-14 and Apache 2.0.40.
>
>How do I keep my student users with accounts on the machine from being
>able to access, via Putty, /home/bobo/public_html, the directory in which
>I keep all of the content for the site, including tests and quizzes for my
>students' online use?
>
> I can password protect, using .htaccess, specific directories from
>"unauthorized" access, but I would like to provide similar protection for
>the /home/bobo/public_html/Prog/tests directory. If I change permissions
>via chmod, however, then Apache will not be able to serve the pages to the
>intranet.
This is actually a tricky problem, taking you into one of the blurry areas
of Unix/Linux permissions. One way to solve it: first check what userid
apache is running under and what groups that userid is part of. Then make
the relevant files and directories mode 640 (or 750, depending on the
specifics ... possibly even 660 or 770 if you have cgi scripts that need to
write to files or create new files), associating them with a group that the
apache userid is in but the students are not in. That should do the job for
you.
Doing this may require you to change the userid that apache runs under. And
I am assuming in this (a) that you are "bobo"; (b) the students do not have
root access to the host. If assumption (b) is wrong, then there is no way
to accomplish what you want that I know of (since root access is, by
definition, never "unauthorized"). If assumption (a) is wrong, the general
idea I'm suggesting should still work, but you will have to adjust some
details, depending on what the userid "bobo" actually is.
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs
next parent reply other threads:[~2004-09-15 17:14 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <fc.004c4e00006307dc004c4e00006307dc.6308bf@palmertrinity.o rg>
2004-09-15 17:14 ` Ray Olszewski [this message]
2004-09-20 13:59 ` keeping legitimate users out of public_html Stephen Samuel
2004-09-20 16:49 ` William Stanard
[not found] ` <fc.004c4e0000637dea004c4e00006307dc.637dfd@palmertrinity.o rg>
2004-09-20 17:31 ` Ray Olszewski
2004-09-15 12:15 William Stanard
2004-09-15 12:20 ` William Stanard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5.1.0.14.1.20040915100132.01f29c78@celine \
--to=ray@comarre.com \
--cc=linux-newbie@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox