p dont think wrote:
But if you end up forced into it, look at Samba's "force user" and "force
group" config settings. You might be able to get what you want with
those.
Possibly.. but opening up stuff for apache to write into. Users would have to be in the apache group, so any user could just go into another users directory ("predictable directories") and write/remove stuff. Not a very secure way of doing things.
The file manager checks every HTTP request to see that the directory being accessed is allowed for the current user given the settings you have made in its configuration file. Not that I'm saying it's perfect, but I have never heard of such a bug. If you find it, please send me details.
- Paul
I haven't proven it, and I don't even know if it's possible. * Users are all in group "apache" * Each user has /home/$USER/files as their file-manager plugin directory.
Malicious LAN user says "Oh, that's where stuff is.. and I'm in the same group.." and attempts to delete files.
I'm trying to limit this by not allowing any SSH access to the server.
My more immediate concern is that management wants me to put samba on the box (in the DMZ) instead of just letting me use another machine on the Trust network for Samba. Sigh.
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
--
squirrelmail-users mailing list
List Address: [EMAIL PROTECTED]
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
