Suggestions for configuration

I have a webserver running quite well, BUT.
I need to give certain users full access to certain directories and not
others.
Currently I am changing ownership of the directories to match and giving
them a symlink to the dirs in their home directories for FTP access, but now
also they are using Samba (only internally) to connect via a share, I am
having problems with the access rights how can I allow access to their
directories without possibly having to change the parent directory
permissions to a "looser" security setting (ie I am having to add rx other
so that FTP and Samba can see the parent)

Or has anyone any ideas on how I can remotely distribute the webpages so
each website lives in their owners own home dir without accidentally
creating a security hole or 2

Mike.

I think most people would probably use mod_userdir which automaticly adds a
directory for each user.

See http://httpd.apache.org/docs-2.1/en/...d_userdir.html for details

It automaticly takes any request for http://myserver/~username and attempts
to find a directory ( defaultly public_html ) in that users root. i.e.
/home/username/public_html

If you wanted to specify directories without using this mod you could also
create aliases in your config. i.e. alias /bobsDocuments/
"/home/bob/MyDocuments"

Either way you will have to make sure that the user that apache runs under
has access to access those directories and files. I usually make the users
home dir g+x and public_html g+rx not forgetting to make them group
accessable to what ever user you have apache runing under.

It's tempting sometimes to just make the users part of apaches group, but
then you can get into security holes if your not carefull, like users
editing other users content, I would also add a default root to thier ftp
making it so they cannot cd below thier home and remove any shell access by
giving them a null shell or editing their shell autoexec script, ( .bash,
..login, etc... ) to exit and make them editable only by root.

"Michael Forster" <admin@muckworld.com> wrote in message
news:3f11253c@news.userve.net...
> I have a webserver running quite well, BUT.
> I need to give certain users full access to certain directories and not
> others.
> Currently I am changing ownership of the directories to match and giving
> them a symlink to the dirs in their home directories for FTP access, but
now
> also they are using Samba (only internally) to connect via a share, I am
> having problems with the access rights how can I allow access to their
> directories without possibly having to change the parent directory
> permissions to a "looser" security setting (ie I am having to add rx
other
> so that FTP and Samba can see the parent)
>
> Or has anyone any ideas on how I can remotely distribute the webpages so
> each website lives in their owners own home dir without accidentally
> creating a security hole or 2
>
> Mike.
>
>
>