You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Michael Weber <mw...@alliednational.com> on 2002/12/12 19:41:12 UTC
[users@httpd] Multiple publishers, security question
I am putting an intranet together where each department will maintain
their own web pages under the main intranet page. My question is, what
is the right way to have hr publish to intranet/hr, is publish to
intranet/is, etc.
What I have tried without success is to create a /home/hr/www directory
and symlink that to /var/intranet/html/hr. Doing this allows hr to
publish, but apache gives 403's. (I checked for read access, .htaccess
files,
etc.)
So, I turned it around. I created a /var/intranet/html/is directory,
changed the owner to is:is, and linked that to /home/is/www. Now
apache
can see the files, but the users can't publish files. M$ Explorer
see's
the symlink as a file rather than a folder. (No flames, please. We
have users maintaining web pages who still look for the "any" key!)
What I did as an interim measure is to create the
/var/intranet/html/<department-code> directories, change ownership, and
insert that directory into /etc/passwd as the home directory. Everyone
is happy, except me. I'm fairly certain there is a better, more
secure,
more standard way to do this.
I've looked in the archives but I can't come up with a search string
that gives me anything close.
What's the best practice here?
Thanx!
Michael
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org