[scponly] scponly & multiple users with same uid
Kaleb Pederson
kibab at icehouse.net
Sun Nov 5 11:50:52 EST 2006
On Sunday 05 November 2006 7:24 am, Peter Haijen wrote:
> The reason I've not been thinking about using ACL is that a user would
> still be able to block access from the apache daemon (I haven't really used
> ACL before so my experience is limited here).
No. You should be able to setup a default ACL, one that will be applied to
all the files underneath a certain directory, so apache will always have the
access that you define in the ACLs.
> Also, if the web browser would
> be compromised, the user's files would still be in danger even with ACL I
> figure. The only real advantage with ACL would be that users would be
> protected from other users, but I figured this would be an acceptable risc
> because my users have a chrooted jail and are only allowed to copy files in
> and out anyway.
Ideally, yes that may be the case. But what if the chroot breaks? Then there
is a huge difference. What if the users home directly accidently gets set to
scponly instead of scponlyc? Again, that's a huge difference. You want to
choose the setup that is as secure as possible and still works for your
requirements. Thus, if something goes wrong -- whatever it might be, you
will be in the best shape possible.
--Kaleb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20061105/f0f570af/attachment.bin
More information about the scponly
mailing list