Would this directive work in the access.cong file: <Directory /home/sites> Options IncludesNOEXEC </Directory>
# This controls which options the .htaccess files in directories can # override. Can also be "All", or any combination of "Options", "FileInfo", # "AuthConfig", and "Limit" AllowOverride All ****Change this to whatever you want **** It doesn't allow people to execute commands via SSI (blocks CGI page counters too) but it allows sites to include text files for easy site development. -Mike > > > For exmaple, if we create a root-owned .htaccess file, then site admins > > > can't easily install their own. > > > > Since they own the directory (and have to, to create files), they can > > remove any .htaccess file root creates. > > I concede the point that if people are smart enough to know that there's > an invisible .htaccess file owned by root in their upload directory they > can delete it. _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
