New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
Web Design and Hosting Creating sites, scripting, and hosting discussions.

Serious Vulnerability


Post Reply New Thread Subscribe

 
Thread Tools
Murlyn

 
Murlyn's Avatar
 
Member Since: Jun 11, 2003
Location: Mount Vernon, WA
Posts: 4,909
Murlyn is a name known to allMurlyn is a name known to allMurlyn is a name known to allMurlyn is a name known to allMurlyn is a name known to allMurlyn is a name known to allMurlyn is a name known to all
Mac Specs: MacBook Pro 2.6 GHz Core 2 Duo 4GB RAM OS 10.5.2

Murlyn is offline
Ok I have a serious vulnerability in the way that we are hosting websites on an xserve that I administer.

The problem is with the way personal file sharing works. It allows users to view what is in their Sites folder by going to

http://www.host.com/~user/

While this is great it causes problems because we have in their Sites folder their domain folder.. so for example:

/Users/username/Sites/domain.com/public_html/

So if a person goes to:

http://www.host.com/~user/domain.com/

they can view all the files etc in that directory.. not good at all!

Does anyone know how I can turn off personal file sharing in OS X server? The normal Sharing Preference does not allow me to do this..

Help!
QUOTE Thanks
Graphite

 
Graphite's Avatar
 
Member Since: Feb 25, 2003
Location: Tropical Island, Jealous?
Posts: 5,279
Graphite has much to be proud ofGraphite has much to be proud ofGraphite has much to be proud ofGraphite has much to be proud ofGraphite has much to be proud ofGraphite has much to be proud ofGraphite has much to be proud ofGraphite has much to be proud ofGraphite has much to be proud of
Mac Specs: MacPro 3.0Ghz 16GB RAM, 4x256 Vid, 30''cinema display

Graphite is offline
There is a terminal command.. check here: http://www.osxfaq.com/
QUOTE Thanks
Murlyn

 
Murlyn's Avatar
 
Member Since: Jun 11, 2003
Location: Mount Vernon, WA
Posts: 4,909
Murlyn is a name known to allMurlyn is a name known to allMurlyn is a name known to allMurlyn is a name known to allMurlyn is a name known to allMurlyn is a name known to allMurlyn is a name known to all
Mac Specs: MacBook Pro 2.6 GHz Core 2 Duo 4GB RAM OS 10.5.2

Murlyn is offline
Well I did something a bit different. I changed the default directories that are created when you create a user so that within the Sites folder there would be a folder named personal/public_html/ and then the index.html and images folders would be in the public_html directory and then within the httpd.conf file I changed it so that a Users personal webpage would be found in Sites/personal/public_html and this took care of all vulnerabilities. Which means within the Sites folder a user would have these folders:

personal/
domain.com/
another.com/

etc etc

And I am a happy sysadmin once again

Thanks!
QUOTE Thanks
Graphite

 
Graphite's Avatar
 
Member Since: Feb 25, 2003
Location: Tropical Island, Jealous?
Posts: 5,279
Graphite has much to be proud ofGraphite has much to be proud ofGraphite has much to be proud ofGraphite has much to be proud ofGraphite has much to be proud ofGraphite has much to be proud ofGraphite has much to be proud ofGraphite has much to be proud ofGraphite has much to be proud of
Mac Specs: MacPro 3.0Ghz 16GB RAM, 4x256 Vid, 30''cinema display

Graphite is offline
congrats man
QUOTE Thanks

Post Reply New Thread Subscribe


« PHP help | Designing Web Graphics »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
Prospective owner with serious question connollyck Apple Notebooks 11 03-04-2005 12:51 AM
I need some serious HELP livelarg Apple Desktops 3 02-04-2005 08:22 PM
I have no idea how serious this is Rob Chase Apple Desktops 18 12-15-2004 04:30 PM
Serious PC user switches to Mac: my thoughts after a few months cardwellm Switcher Hangout 5 07-27-2004 11:53 AM
Mac Vulnerability? dziner Apple Rumors and Reports 6 01-26-2004 04:45 AM

All times are GMT -4. The time now is 06:30 PM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?