[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]
Re: Adding user and security?
- Subject: Re: Adding user and security?
- From: "VaibhaV Sharma" <helpindore@xxxxxxxx>
- Date: Sat, 12 Jun 1999 12:48:13 +0530
The user homepages etc. depend on how u configure your http server. for eg.
in apache u have to specify the directory path to append to the username
when a user homepage request is recieved by the web server. for eg. if the
server recieves http://servername.com/~vaibhav i specified /home/ so the
/home/vaibhav directory would be searched for the homepage for the user
vaibhav. This thing is risky as anyone could browse through home directory
if security on the web server is not set up correctly.
This option of the user homepage is specified in a file /etc/httpd/srm.conf
(if i am not mixing it up with the other conf files in that directory) there
is a line called public _html (or similar) u specify the directory to append
to the username to access the homepage of users. It is recommended to make a
seperate directory called /www and put homepages of users in it e.g.
/www/vaibhav and then give a symbolic link of the directory /www/vaibhav to
/home/vaibhav/www and ask the user vaibhav to upload his homepage files in
the directory /home/vaibhav/www. and in srm.conf specify the public_html
directory as /www/
As for the ftp problemo. I also searched for some solution, finally I
changed the normal user rights through chmod and got the imp files invisible
to the user.....but this has many problems too....hope someone else gives us
a solution...
VaibhaV Sharma
webmaster@xxxxxxxxx
- -----Original Message-----
From: Prasad Mhatre <Prasad@xxxxxxxxxx>
To: linux-india@xxxxxxxxx <linux-india@xxxxxxxxx>
Date: Saturday, June 12, 1999 12:35 PM
Subject: Adding user and security?
>What is the best way to add user in Linux with a seperate user home
>directory?
>
>I installed Redhat 5.2 from PCQ and tried adding a user with..
>
>adduser xyz
>
>a directory is created automatically say /home/xyz
>but where are the homepages for this user?
>If the user opens a FTP session, what he gets is the comtent of /home/xyz
>and still he can see the contents of /etc and all other directories.
>How can I restrict him to only his directory? Atleast he should not have
>access to the system files.
>I saw somewhere in the docs about security but was not able to capture the
>same properly.
>
>Any suggestion are appreciated.
>
>Thanks
>Regards
>Prasad
>
>
>
>
>--------------------------------------------------------------------
>For more information on Linux in India visit http://www.linux-india.org/
>Linux India is NOT a forum for Microsoft/India/Pakistan/US/UK bashing.
>Flame baits will not be tolerated. If you can appreciate satire read
>http://www.templetons.com/brad/emily.html
>
- --------------------------------------------------------------------
For more information on Linux in India visit http://www.linux-india.org/
Linux India is NOT a forum for Microsoft/India/Pakistan/US/UK bashing.
Flame baits will not be tolerated. If you can appreciate satire read
http://www.templetons.com/brad/emily.html
------------------------------