[scponly] scponly make jail scripting advice
Gregory L. Magnusson
glm at cyborgspiders.com
Mon Apr 3 16:37:25 EDT 2006
Hello,
This is my first post to this board and I hope this is the appropriate
place for this question \ solution. I have installed scponly-4.6 on
OpenBSD 3.8 with Apache 1.3.9. I have scponly chrooted inside Apache,
which is also chrooted on OpenBSD by default. This is an ideal setup for
my purposes. Nice work! I looked for this solution for a long time.
My situation
//var/www/users//username/incoming
My issue.
On a build using make jail, the users chrooted home directory is root
owned and world readable from inside the Apache tree. That is fine. The
issue is that this home directory is a part of Apache and can be viewed
over the web.
<!-- http://www.myserver.com/~username shows the contents of the home
directory root owned read only -->
I work around this by including a php redirect script named index.php in
each of the created folders and subfolders.
echo "<html><head><title>scponly-redirection</title></head><body><?php
header(\"location: /~\$targetdir/\$incoming/"); ?></body></html>" >
index.php
I put this index.php file in every directory created by the make jail
script (substituting the username and incoming directory with real
values) to prevent outside access and to redirect requests to the users
public directory in a straightforward manner.
bin
etc
usr
usr/bin
usr/lib
usr/libexec
incoming (optional)
My question as a scripting newbie is this. I would like to generate this
index.php file in each folder with the the make jail commnd. Where, and
how would I add the above script creation to the command make jail to
generate an index.php file in each folder?
More information about the scponly
mailing list