On Mon, 2003-06-09 at 03:02, zentara wrote:
On 08 Jun 2003 20:40:14 -0700 Tom Nielsen <tom@neuro-logic.com> wrote:
Boy did you guys open up on me! Ouch! I guess I should have expected it.
As an example, I just want to publish pictures of my carpet. (It's really nice carpet). I can do it now, but how can I keep folks out of my other directories?
Apache's built-in security takes care of most of that for you. If the directory isn't listed in httpd.conf, and you don't have a flawed version of Apache, it won't allow visitors out of the web directories. Your best option is to make a separate user just for displaying your web photos. That way, if they do get out of the public_html, it's just a dummy user's home directory.
I've seen you all answer these types of questions before. I really do appreciate the input I've received and will receive...including the RTFM parts.
The only tricky thing with Apache and homedirs is "suexec", which applies to the cgi-bin. suexec is enabled by default; to disable it, you need to remove the suexec binary from the system (or rename it). suexec will not allow any cgi to run unless it is owned by the owner of the homedir. It has its own log too, with the other http logs.
If you don't use any cgi scripts, and just serve web pages, your security risk is pretty low.
Thanks for the tip. This is the type of "simple tips" I was talking about.
Tom
- - - - - - - - - - - - - - - - - -
Tom Nielsen
Neuro Logic Systems, Inc.
805.389.5435 x18
www.neuro-logic.com
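
A read-only audit of the suexec ownership rule described in the thread, as an added example that is not part of the original messages: it lists the scripts in a user's cgi-bin that suexec would refuse to run. The function names are hypothetical; the write-permission, setuid/setgid and symlink checks are taken from suexec's documented security model and go beyond the single ownership rule mentioned above.

```python
import os
import stat


def suexec_findings(cgi_path, homedir_uid):
    """Return the reasons suexec would refuse cgi_path (empty list = acceptable).

    homedir_uid is the uid that owns the user's home directory.
    """
    st = os.lstat(cgi_path)  # lstat: a symlink must not be followed
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlinks are refused)"]
    findings = []
    # The rule from the thread: the CGI must belong to the homedir owner.
    if st.st_uid != homedir_uid:
        findings.append("owner differs from home directory owner")
    # Assumption from suexec's documented checks: nobody else may write it.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("script writable by group or others")
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append("script is setuid or setgid")
    parent = os.path.dirname(os.path.abspath(cgi_path))
    if os.stat(parent).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("directory writable by group or others")
    return findings


def audit_cgi_dir(cgi_dir, homedir_uid):
    """Map each entry in cgi_dir to its findings, keeping only the problems."""
    report = {}
    for name in sorted(os.listdir(cgi_dir)):
        problems = suexec_findings(os.path.join(cgi_dir, name), homedir_uid)
        if problems:
            report[name] = problems
    return report


if __name__ == "__main__":
    # Constructed usage: audit the current user's own cgi-bin, if present.
    home = os.path.expanduser("~")
    cgi_dir = os.path.join(home, "public_html", "cgi-bin")
    if os.path.isdir(cgi_dir):
        for script, problems in audit_cgi_dir(cgi_dir, os.stat(home).st_uid).items():
            print(script, "->", "; ".join(problems))
```

Entries it reports should also show up as refusals in the suexec log mentioned above.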