You've got to rely on the OS do to that.
You've got to have the access to these files (in order to modify them for
instance !) AND the user nobody needs to (if your Apache server runs under
the user nobody), but only in ReadOnly (to be completely secure).
So, I can see two solutions :
- you can use the groups
- you can use the ACL (but they're not part of Linux : you've got to find a
solution from somewhere on the web, go to freshmeat.net)
With ACL, you can say that ONLY you and nobody can access these files.
With group, ask your sysadm to create a group 'alain', then make your very
user and the user nobody belong to this group and do a 'chgrp alain' on your
files. *But* a user can only belong to a limited number of groups, so if in
your site you're a lot of people to need this, then the user nobody won't be
able to belong to so much groups...
Regards
Mathieu
> -----Original Message-----
> From: Alain Terriault [mailto:[EMAIL PROTECTED]]
> Sent: 08 October 1999 14:58
> To: [EMAIL PROTECTED]
> Subject: Re: [expert] Password on entering a webpage using
> Apage Server
>
>
> Hi,
>
> .htaccess works fine for outside access .. do you know how to
> secure it
> from the inside also ?
>
> Local users can read the "secure" (.htaccess) directory
> files with "vi"
> or just copy them to their home directory and then view it with
> netscape.
>
>
> My home is /home/me rwx --- ---
> My secure web page is /home/me/public_html/secure rwx r-- r--
> now if one does "ls /home/me" it will not work, permission denied
> but "ls /home/me/public_html/secure" is fully available, so is
> "cp /home/me/public_html/secure/* /home/curiosuser"
>
> I sure they are some solutions to that, will be happy to know them 8-)
> .. and also think everybody should be aware of that weakness, just in
> case some did not know.
>
> thanks,
> alain
