Serious Vulnerability

Murlyn · Murlyn #1 (**permalink**)

08-15-2003, 04:04 PM

Ok I have a serious vulnerability in the way that we are hosting websites on an xserve that I administer.

The problem is with the way personal file sharing works. It allows users to view what is in their Sites folder by going to

http://www.host.com/~user/

While this is great it causes problems because we have in their Sites folder their domain folder.. so for example:

/Users/username/Sites/domain.com/public_html/

So if a person goes to:

http://www.host.com/~user/domain.com/

they can view all the files etc in that directory.. not good at all!

Does anyone know how I can turn off personal file sharing in OS X server? The normal Sharing Preference does not allow me to do this..

Help!

Graphite · Graphite #2 (**permalink**)

08-15-2003, 10:00 PM

There is a terminal command.. check here: http://www.osxfaq.com/

Murlyn · Murlyn #3 (**permalink**)

08-15-2003, 10:08 PM

Well I did something a bit different. I changed the default directories that are created when you create a user so that within the Sites folder there would be a folder named personal/public_html/ and then the index.html and images folders would be in the public_html directory and then within the httpd.conf file I changed it so that a Users personal webpage would be found in Sites/personal/public_html and this took care of all vulnerabilities. Which means within the Sites folder a user would have these folders:

personal/
domain.com/
another.com/

etc etc

And I am a happy sysadmin once again

Thanks!

Graphite · Graphite #4 (**permalink**)

08-15-2003, 11:33 PM

congrats man

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Prospective owner with serious question	connollyck	Apple Notebooks	11	03-04-2005 01:51 AM
I need some serious HELP	livelarg	Apple Desktops	3	02-04-2005 09:22 PM
I have no idea how serious this is	Rob Chase	Apple Desktops	18	12-15-2004 05:30 PM
Serious PC user switches to Mac: my thoughts after a few months	cardwellm	Switcher Hangout	5	07-27-2004 12:53 PM
Mac Vulnerability?	dziner	Apple Rumors and Reports	6	01-26-2004 05:45 AM

New To Mac-Forums?

Mac-Forums Brief

Serious Vulnerability

Hosting and Cloud

Data Centers

Web Development

Performance Marketing

Consumer Tech

Interested In Great Deals on Apple Products?

Murlyn #1 (permalink)
Member Since: Jun 11, 2003 Location: Mount Vernon, WA Posts: 4,914 Mac Specs: MacBook Pro 2.6 GHz Core 2 Duo 4GB RAM OS 10.5.2	08-15-2003, 04:04 PM Ok I have a serious vulnerability in the way that we are hosting websites on an xserve that I administer. The problem is with the way personal file sharing works. It allows users to view what is in their Sites folder by going to http://www.host.com/~user/ While this is great it causes problems because we have in their Sites folder their domain folder.. so for example: /Users/username/Sites/domain.com/public_html/ So if a person goes to: http://www.host.com/~user/domain.com/ they can view all the files etc in that directory.. not good at all! Does anyone know how I can turn off personal file sharing in OS X server? The normal Sharing Preference does not allow me to do this.. Help!
	QUOTE Thanks

Graphite #2 (permalink)
Member Since: Feb 25, 2003 Location: Tropical Island, Jealous? Posts: 5,279 Mac Specs: MacPro 3.0Ghz 16GB RAM, 4x256 Vid, 30''cinema display	08-15-2003, 10:00 PM There is a terminal command.. check here: http://www.osxfaq.com/
	QUOTE Thanks

Graphite #4 (permalink)
Member Since: Feb 25, 2003 Location: Tropical Island, Jealous? Posts: 5,279 Mac Specs: MacPro 3.0Ghz 16GB RAM, 4x256 Vid, 30''cinema display	08-15-2003, 11:33 PM congrats man
	QUOTE Thanks

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)