
access.conf

Status
Not open for further replies.

jack2000

MIS
Jun 16, 2003
2
TW
1. Currently all virtual hosts can browse through the file structure (they can't change anything, but see the entire structure). How do I prevent them from seeing all files, except the one in their directory: /home/example_host/www?

2. Also, it is possible to view all directory structures through the browser, for example if I type I would see all the files in that directory if there is no index file. How do I prevent this?

Thanks
Jack
 
Hi,

1) Not too sure what you mean - can you give an example...

2) Just remove the keyword 'Indexes' from your Options statement(s) in httpd.conf. That causes a directory display if there is no DirectoryIndex file, e.g. index.html, in a given directory.
For example, change:

Options Indexes Includes FollowSymLinks

to

Options Includes FollowSymLinks



Regards
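
The check described in answer 2, as an added example that is not part of the original post: a small Python audit that lists every Options line in a configuration that turns directory listings on, including the `+Indexes` and `All` forms. The sample configuration and the function names are constructed for illustration; the script reads one file's text and does not follow Include directives, .htaccess files, or inheritance between sections.

```python
import re

# Constructed sample httpd.conf text, not taken from the thread's server.
SAMPLE_CONF = """\
# global default
Options Indexes Includes FollowSymLinks
<Directory "/home/example_host/www">
    Options Includes FollowSymLinks
</Directory>
<Directory "/home/other_host/www">
    options +indexes -Includes
</Directory>
<Directory "/home/third_host/www">
    Options All
</Directory>
<Directory "/home/fourth_host/www">
    Options -Indexes +FollowSymLinks
</Directory>
"""

OPEN = re.compile(r"^<\s*(\w+)\s*([^>]*)>$")   # e.g. <Directory "/path">
CLOSE = re.compile(r"^</\s*(\w+)\s*>$")        # e.g. </Directory>

def indexes_enabled(args):
    """True if this one Options line turns directory listings on."""
    words = [a.lower() for a in args]          # option names are case-insensitive
    if "-indexes" in words:
        return False
    # 'All' includes Indexes; the plain and '+' forms enable it explicitly.
    return any(w.lstrip("+") in ("indexes", "all") for w in words)

def find_listing_directives(conf_text):
    """Return (line_no, enclosing_section, directive) for each risky Options line."""
    stack, hits = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            del stack[-1:]                     # tolerate an unbalanced close
            continue
        m = OPEN.match(line)
        if m:
            stack.append(f"{m.group(1)} {m.group(2).strip()}".strip())
            continue
        parts = line.split()
        if parts[0].lower() == "options" and indexes_enabled(parts[1:]):
            hits.append((no, stack[-1] if stack else "server config", line))
    return hits
```

Each hit is a line to edit as shown above; a section with no Options line of its own still inherits the setting from its parent, so the server-level hit matters most.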
 
Thanks for number 2, it worked.

In regards to 1., when a user logs in via ftp, he will be in the directory home/nameofalias/www
This is for the html files, cgi-bin, etc. Now if they move up, they can go into the home directory, which shows all users (nameofaliases). Then it is possible to go into those directories and view files. They cannot be modified, but viewed. How can this be changed so that the user only has access to his and nothing higher in the directory tree?

Thanks
Jack
 
Hi,

It makes sense now - ftp is nothing to do with apache of course but I know what the problem is. The solution is that you have to set up the ftp server in such a way as to confine users to a 'chroot jail'. This uses the chroot function to logically move '/' to a different point lower in the directory structure. This way they can't cd .. etc to get to parent directories because, logically, there are no parent directories.

Implementation varies by ftp server - for wu-ftpd see --> . You might like to look at vsftpd which is designed as a 'very secure' ftp server and according to the author's README :

"vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure. Obviously this is not a guarantee, but a reflection that I have written the entire codebase with security in mind, and carefully designed the program to be resilient to attack.

Recent evidence shows that vsftpd is also extremely fast and scalable. vsftpd has achieved ~4000 concurrent users on a single machine, in a production environment.

vsftpd is now a proven stable solution. Of particular note, RedHat used vsftpd to enable ftp.redhat.com to support 15,000 concurrent users across their server pool. This extreme load was generated by the release of RedHat 7.2 to the world."


See --> .

Regards
 