** Reply to note from [EMAIL PROTECTED] Mon, 21 Jul 2003 00:17:38 +1000
> Note that allowing people to ftp to their home > dirs can be a security hole, as they can then > upload .rhosts or .shosts or .ssh/authorized keys > files. To get around this you must not let them > write to their home dir -- only let them write > to their http area. Matt, thanks for that warning so, the home dir is determined by what's in passwd, yes ? if I have '/home/username' in passwd and edit that to '/home/username/www', will that then make the home dir *not* '/home/username' BUT '/home/username/www' ? if I set ftp to log to '/home/username/www' will that overcome this issue ? or, do I make root own all '/home/username' and, the user only owns '/home/username/www' ? Voytek Eymont -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
