I suspect the solution is to get a little creative with groups. The Apache web service must be able to access the files in question, so do I create a group that includes the users and the Apache service account? Or is there another way to handle this?
ISTM that groups are more about giving permissions that denying them. For instance, you could put the users in a "site3" group, and make the "site3" directory owned by them, but that doesn't really solve the problem - it gives them more access than other users to their own files, but not less access to other files.
You could make a group specifically for the *other* sites, which contains you (I guess) and the apache account, but not the other users. That way you can simply chgrp the files on the other sites, and they wouldn't be able to see them. The new users would still be able to see the rest of the system, though, that was either world-readable, or group readable by "users". You could take them out of "users" and just let them see their stuff and world-readable stuff, which would restrict them some more.
If you want to be really tough on 'em, you could consider putting them in a chroot jail, that only lets them access the files they're there to use and a set of executables (ls, cp, vi, for example) that you choose to give them.
HTH.
Chris.
_______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
