Sthitaprajna saw fit to inform LI that:
>On 18 May 00, at 12:38, Ravi Chander J wrote:
>
>> How do I configure Apache to serve web pages from user's home directory
>> ? Right now my Debian 2.1 server serves pages from the htdocs directory
>
>I have _no_ experience with web page hosting through apache or
>otherwise, but here's my Rs 0.02..
>
>It may not be a good idea to let Apache serve from the /home/foouser.
>Malicious scripts may then be used to gain access to the usr dir and
>then r00t. Can the security people advise??
Actually, the way to go is to make a symlink from ~user/www (say) to the
htdocs directory.
That way, the user can copy his files onto htdocs ...
Deny CGI access to your users if you are all that concerned about security
- a library of cgi scripts can be accessed from a central repository
(common stuff like formmail, counters, guestbooks etc). Saves the hassle
of each and every user installing these ...
hth
-s
--
Suresh Ramasubramanian | sureshr at staff.juno.com
Never commit yourself! Let someone else commit you.
-----------------------------------------------------------------------
Check out the 'What to do before posting to the list' site
for a list of things to try before posting. The site is
at http://botsie.tripod.com/beforeposting/
