Davor Ocelic <[EMAIL PROTECTED]> wrote: > On Sat, Jan 13, 2007 at 04:56:39PM -0600, Christopher D. Clausen > wrote: >> Davor Ocelic <[EMAIL PROTECTED]> wrote: >> > On Fri, Jan 12, 2007 at 08:39:45AM -0800, Adam Chlipala wrote: >> >> Michael Olson wrote: >> >> > * apache2/mods-available/userdir.conf: Set AllowOverride to >> >> > none in users' public_html, as per old config. >> >> >> >> We may even want to only enable userdirs on mire, to keep all >> >> member web serving in one place. Any thoughts on this? >> > >> > This would be good. >> >> I'd like to to be able to restrict certain portions of ~cclausen to >> specific people and/or IP addresses. I don't think allowing >> "AuthConfig" overrides would be a terrible security issue. If >> someone can think of such an instance, please let us know. >> >> Also, can I suggest simply getting rid of the public_html and setting >> the web space directly at ~/ ? This makes a lot more sense with AFS >> and its what MIT does. That way users can use a "Public" and >> "Private" folder from there and don't have to keep a seperate >> web-specific directory. > > Interesting. One problem I see with this is that our members who use > ~public_html/ do it because they want to serve the website to > visitors, not the contents of their home directory.
Okay, so symlink the files or redirect them with Apache directives. > Another issue is, knowing that the contents of your home dir are > "shared", you would have to put anything you want to save in > Private/, which is another level down the tree. No, you wouldn't. I don't think you understand that "system:anyuser l" doesn't grant read access. It only grants the ability for anyone to view the file names in the directory. You need "r" access to be able to actually read the files. > And there's a potential issue of different .rc files with > improper permissions being open to the world for reading. No, this isn't true either. See above. <<CDC _______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
