08-15-2003, 04:04 PM

Ok I have a serious vulnerability in the way that we are hosting websites on an xserve that I administer.

The problem is with the way personal file sharing works. It allows users to view what is in their Sites folder by going to

http://www.host.com/~user/

While this is great it causes problems because we have in their Sites folder their domain folder.. so for example:

/Users/username/Sites/domain.com/public_html/

So if a person goes to:

http://www.host.com/~user/domain.com/

they can view all the files etc in that directory.. not good at all!

Does anyone know how I can turn off personal file sharing in OS X server? The normal Sharing Preference does not allow me to do this..

Help!

08-15-2003, 10:00 PM

There is a terminal command.. check here: http://www.osxfaq.com/

08-15-2003, 10:08 PM

Well I did something a bit different. I changed the default directories that are created when you create a user so that within the Sites folder there would be a folder named personal/public_html/ and then the index.html and images folders would be in the public_html directory and then within the httpd.conf file I changed it so that a Users personal webpage would be found in Sites/personal/public_html and this took care of all vulnerabilities. Which means within the Sites folder a user would have these folders:

personal/
domain.com/
another.com/

etc etc

And I am a happy sysadmin once again

Thanks!

08-15-2003, 11:33 PM

congrats man