"Christopher D. Clausen" <[EMAIL PROTECTED]> writes:

> I'd like to be able to restrict certain portions of ~cclausen to
> specific people and/or IP addresses.  I don't think allowing
> "AuthConfig" overrides would be a terrible security issue.  If someone
> can think of such an instance, please let us know.

Here's the page on our website that explains why we don't allow any
overrides via .htaccess:
http://wiki.hcoop.net/wiki/VirtualHostConfiguration.  Mainly, it's
considered more elegant to just use domtool to specify custom
authentication directives.

> Also, can I suggest simply getting rid of the public_html and setting
> the web space directly at ~/ ?  This makes a lot more sense with AFS and
> it's what MIT does.  That way users can use a "Public" and "Private"
> folder from there and don't have to keep a separate web-specific
> directory.

I wonder if we could just permit the user to specify where
hcoop.net/~user goes by using DomtoolTwo, and completely do away with
the userdir module.

Here's one idea for how to configure this using DomtoolTwo-ish syntax.
It adds the "sharable" keyword for vhosts and allows the user to have a
top-level "shared vhost" instead of a domain.  I haven't yet taken a
thorough look at DomtoolTwo, so I could be going about this the wrong
way.

    (* HCoop domain which permits sharing of the "www" vhost *)
    domain "hcoop.net" with
      ...
      dns (dnsA "www" web_ip);

      sharable vhost "www" where
        SharePrefix = "~";
        DocumentRoot = "/home/adamc/html";
        ServerAdmin = "[EMAIL PROTECTED]"
      with
        serverAlias "hcoop.net";
        addDefaultCharset "mumbo-jumbo/incomprehensible";

        location "/theMorgue" with
          rewriteRule "A" "B" [];
        end;
      end;
    end;

    (* User who takes advantage of the globally available domain *)
    (* The username is determined from the current directory, i.e. *)
    (* /afs/hcoop.net/usr/current-user, and this config snippet could be *)
    (* stored in /afs/hcoop.net/usr/current-user/.domtool *)
    shared vhost "www" on "hcoop.net" where
      DocumentRoot = "public_html";
      (* no "../" links permitted, and so on *)
    with
      (* various permitted directives and options *)
      end;
    end;

The DocumentRoot in shared vhosts would be published as an "Alias" line
(concatenating SharePrefix and the specific username), and the rest
would be part of a <Directory> stanza.
This could get inserted directly into the file for the shared domain,
every time it gets generated.

One advantage is that users could "attach" themselves to multiple
hcoop-provided domains (deleuze/www and mire), if they have both a
static part of their website and a dynamic part, but no domain of their
own.

-- 
Michael Olson -- FSF Associate Member #652 -- http://www.mwolson.org/
Interests: Lisp, text markup, protocols -- Jabber: mwolson_at_hcoop.net
  /` |\ | | | Projects: Emacs, Muse, ERC, EMMS, Planner, ErBot, DVC
 |_] | \| |_| Reclaim your digital rights by eliminating DRM.
      See http://www.defectivebydesign.org/what_is_drm for details.
_______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
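
Added example (not part of the original message, and not DomtoolTwo code): a Python sketch of the generation step the message describes, turning one user's shared-vhost entry into an Alias line plus a <Directory> stanza while rejecting "../" in DocumentRoot. The function names, the PERMITTED allow-list and the username pattern are assumptions made for illustration.

```python
import posixpath
import re

USER_ROOT = "/afs/hcoop.net/usr"  # per-user directory named in the message
# Assumed allow-list; the message only says "various permitted directives".
PERMITTED = {"AddDefaultCharset", "AuthType", "AuthName", "AuthUserFile", "Require"}
USERNAME_RE = re.compile(r"[a-z][a-z0-9_-]{0,31}")  # assumed username policy


def resolve_docroot(username, document_root):
    """Return the absolute DocumentRoot, or raise ValueError if it could
    leave the user's own directory."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("bad username: %r" % username)
    if re.search(r'[\x00-\x20"]', document_root):
        raise ValueError("whitespace, control character or quote in DocumentRoot")
    if document_root.startswith("/") or ".." in document_root.split("/"):
        raise ValueError("DocumentRoot must be relative and free of '..'")
    home = posixpath.join(USER_ROOT, username)
    full = posixpath.normpath(posixpath.join(home, document_root))
    # Defence in depth: the normalised path must still sit under home.
    if full != home and not full.startswith(home + "/"):
        raise ValueError("DocumentRoot escapes the user's directory")
    return full


def render_shared_vhost(share_prefix, username, document_root, directives=()):
    """Build the Alias line and <Directory> stanza for one shared-vhost user."""
    full = resolve_docroot(username, document_root)
    lines = ['Alias /%s%s "%s"' % (share_prefix, username, full),
             '<Directory "%s">' % full]
    for name, value in directives:
        if name not in PERMITTED:
            raise ValueError("directive not permitted: %s" % name)
        if "\n" in value or "\r" in value:
            raise ValueError("newline in directive value")
        lines.append("    %s %s" % (name, value))
    lines.append("</Directory>")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample user and directive.
    print(render_shared_vhost("~", "alice", "public_html",
                              [("AddDefaultCharset", "utf-8")]))
```

The path check is textual only: a symlink inside the user's directory that points elsewhere is not detected here and has to be handled by the web server's own options.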
