Re: Restricting users to their own home directories / not letting users view other users files...?



On Wed, Feb 11, 2009 at 01:38:33PM -0500, Keith Palmer wrote:

> ... really? Write a script to copy the user's files over on a schedule...?
>
> I can see where that might be an option for some people, but that's
> entirely not an option in this case. I'd have to schedule it to run every
> 5 seconds or something to keep users from getting upset.

Cron has a granularity of one minute. Otherwise you can write a simple
script that calls rsync(1) every five seconds.

At my ISP I can upload my website to my home directory, and then I have
to execute a command to make my updates accessible from the outside. You
could do something like that as well.

> What if I symlinked each home user's public_html directory to a directory
> readable only by Apache? Would Apache be able to read the destination
> directory via the symlink, even if it doesn't have permission to access
> the destination directory?

Nope. You can't even make the symlink as a normal user:
($ = normal user, # = root)

$ ls -ld /var/heimdal
drwx------ 2 root wheel 512 Feb 11 19:45 /var/heimdal/

# fortune >/var/heimdal/foo

$ ls -s /var/heimdal/foo foo
ls: /var/heimdal/foo: Permission denied

You can make the link as root, but you still can't use it:

# ln -s /var/heimdal/foo foo
# ll foo
lrwxr-xr-x 1 root rsmith 16 Feb 11 19:50 foo@ -> /var/heimdal/foo

$ cat foo
cat: foo: Permission denied

> Is there really no better way to do this...?!?

- Try access control lists to give group WWW access (as mentioned).
- Let them upload via FTP (I think most HTML editors support this).
- Depending on the user's content you could make blogs of their sites?
  That way they can edit via the browser or their favorite blog posting
  software.

Roland
--
R.F.Smith http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
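
Added example, not part of the original message and not written by either poster: a sketch of the "run a command to publish" approach mentioned above, where the home directory stays private and the web server reads only a copy. The function name `publish_site`, its arguments and all paths are hypothetical; it uses cp(1) rather than rsync(1) so it runs on a base system, and it assumes the web server reaches the copy through the group passed as the third argument.

```shell
#!/bin/sh
# publish_site SRC DEST [GROUP]   (hypothetical helper, added example)
# Copies SRC (e.g. ~/public_html) to DEST (a per-user directory under the
# web root), removes symlinks and special files, and leaves no permission
# bits for "other". Runs in a subshell so umask and exit stay local.
publish_site() (
    src=$1; dest=$2; group=${3:-}
    [ -d "$src" ] || { echo "publish_site: $src: not a directory" >&2; exit 1; }

    umask 027                     # nothing created here is world-accessible
    tmp="$dest.new.$$"            # build the new copy beside the live one
    rm -rf "$tmp"
    mkdir -p "$tmp" || exit 1

    # -P copies symlinks as links instead of following them, so a link
    # to a file outside SRC never has its target's contents copied.
    cp -RP "$src/." "$tmp/" || exit 1

    # Drop everything that is not a plain file or directory (symlinks,
    # FIFOs, sockets): the published tree must not point anywhere else.
    find "$tmp" ! -type d ! -type f -exec rm -f {} +

    # Normalise modes: owner rwx / group r-x on directories, owner rw /
    # group r on files, nothing for other. Executable bits are dropped.
    find "$tmp" -type d -exec chmod 750 {} +
    find "$tmp" -type f -exec chmod 640 {} +

    # Give the web server's group read access. The caller must be root
    # or a member of that group for chgrp to succeed.
    if [ -n "$group" ]; then
        chgrp -R "$group" "$tmp" || exit 1
    fi

    # Swap the new copy into place; the old copy is removed afterwards.
    rm -rf "$dest.old"
    if [ -e "$dest" ]; then
        mv "$dest" "$dest.old" || exit 1
    fi
    mv "$tmp" "$dest" || exit 1
    rm -rf "$dest.old"
)
```

Run from cron or on demand, this keeps the home directory itself at mode 700; only the copy under DEST needs to be reachable by the web server's group.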
