Yes, and if they want to see more... that's what the refresh button on the browser is for. (Yes, I'm smirking.)
Around here anonymous FTP is a no-no so if someone needs a file distributed it goes up under the /HTML tree. (Yes, I'm _that_ lazy, I symlink /HTML to wherever the document root is on the various systems I've got w/ web servers, so it's kinda like symlinking /dev/tape to your "regular" tape drive; before Linux the "real name" of various devices tended to be, well, rather obscure.) And I'm aware that any application that has a shell escape (like "less") won't enforce the restricted shell, so you may need to look at chrooting if you want _real_ security which symlinking can't get around. I once wrote an old menu tool that I still use today for my wife; it can be exec'd from the .profile so that she has a nice arrow-down-then-hit-enter means of accessing her files (so I can dynamically generate a menu and enter it so she can _see_ the files she wants to view). A determined effort to use less' shell escape would work, of course, since I've not re-written the linux-provided utilities for security. I'm thinking though that the web access is the smart way. If you use a CGI you can look at the requestor's IP address and divine whether the person is in the right subnet to read the file, too, but this last isn't *really* security. Never mistake obscurity for security. (http://www.schneier.com/crypto-gram-back.html for the curious.) -------------------- John R. Campbell, Speaker to Machines (GNUrd) {813-356|697}-5322 Adsumo ergo raptus sum MacOS X: Because making Unix user-friendly was easier than debugging Windows. Red Hat Certified Engineer (#803004680310286) IBM Certified: IBM AIX 4.3 System Administration, System Support ----- Forwarded by John Campbell/Tampa/IBM on 10/12/2004 10:17 AM ----- Adam Thornton <[EMAIL PROTECTED] To: [EMAIL PROTECTED] mine.net> cc: Sent by: Linux on Subject: Re: [LINUX-390] Confining a user to the home directory specified in the 390 Port user record <[EMAIL PROTECTED] IST.EDU> 10/12/2004 10:12 AM Please respond to Linux on 390 Port On Tue, 2004-10-12 at 08:16, James Melin wrote: > I thought about that but they wanna be able to less and tail the file. A Maybe you want to, rather than let them have a real shell, just a a CGI app that displays the file(s) and lets you scroll back and forth in it (them)? Adam ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
