[scponly] scponly make jail scripting advice

Kaleb Pederson kpederson at mail.ewu.edu
Mon Apr 3 17:13:47 EDT 2006


You would be better off using mod-rewrite to do this.  It can handle it 
dynamically for any user if you used regex based find/replace.

It would probably look something like this:

RewriteRule ^/~([^/]+)[/]?$ /~$1/incoming/ [R]

That said... I don't know off the top of my head where you would put the code 
to do this as I use a different methodology to create the chroots.

Thanks.

--Kaleb

On Monday 03 April 2006 1:37 pm, Gregory L. Magnusson wrote:
> Hello,
>
> This is my first post to this board and I hope this is the appropriate
> place for this question \ solution. I have installed scponly-4.6 on
> OpenBSD 3.8 with Apache 1.3.9. I have scponly chrooted inside Apache,
> which is also chrooted on OpenBSD by default. This is an ideal setup for
> my purposes. Nice work! I looked for this solution for a long time.
>
> My situation
> //var/www/users//username/incoming
>
> My issue.
>
> On a build using make jail, the users chrooted home directory is root
> owned and world readable from inside the Apache tree. That is fine. The
> issue is that this home directory is a part of Apache and can be viewed
> over the web.
>
> <!-- http://www.myserver.com/~username shows the contents of the home
> directory root owned read only -->
>
> I work around this by including a php redirect script named index.php in
> each of the created folders and subfolders.
>
> echo "<html><head><title>scponly-redirection</title></head><body><?php
> header(\"location: /~\$targetdir/\$incoming/"); ?></body></html>" >
> index.php
>
> I put this index.php file in every directory created by the make jail
> script  (substituting the username and incoming directory with real
> values) to prevent outside access and to redirect requests to the users
> public directory in a straightforward manner.
>
> bin
> etc
> usr
> usr/bin
> usr/lib
> usr/libexec
> incoming (optional)
>
> My question as a scripting newbie is this. I would like to generate this
> index.php file in each folder with the the make jail commnd. Where, and
> how would I add the above script creation to the command make jail to
> generate an index.php file in each folder?
>
>
>
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20060403/21eb9c45/attachment.bin


More information about the scponly mailing list