Results 1 to 4 of 4
  1. #1
    Serious Vulnerability
    Murlyn's Avatar
    Member Since
    Jun 11, 2003
    Location
    Mount Vernon, WA
    Posts
    4,915
    Specs:
    MacBook Pro 2.6 GHz Core 2 Duo 4GB RAM OS 10.5.2
    Serious Vulnerability
    Ok I have a serious vulnerability in the way that we are hosting websites on an xserve that I administer.

    The problem is with the way personal file sharing works. It allows users to view what is in their Sites folder by going to

    http://www.host.com/~user/

    While this is great it causes problems because we have in their Sites folder their domain folder.. so for example:

    /Users/username/Sites/domain.com/public_html/

    So if a person goes to:

    http://www.host.com/~user/domain.com/

    they can view all the files etc in that directory.. not good at all!

    Does anyone know how I can turn off personal file sharing in OS X server? The normal Sharing Preference does not allow me to do this..

    Help!

  2. #2
    Serious Vulnerability
    Graphite's Avatar
    Member Since
    Feb 25, 2003
    Location
    Tropical Island, Jealous?
    Posts
    5,279
    Specs:
    MacPro 3.0Ghz 16GB RAM, 4x256 Vid, 30''cinema display
    There is a terminal command.. check here: http://www.osxfaq.com/

  3. #3
    Serious Vulnerability
    Murlyn's Avatar
    Member Since
    Jun 11, 2003
    Location
    Mount Vernon, WA
    Posts
    4,915
    Specs:
    MacBook Pro 2.6 GHz Core 2 Duo 4GB RAM OS 10.5.2
    Well I did something a bit different. I changed the default directories that are created when you create a user so that within the Sites folder there would be a folder named personal/public_html/ and then the index.html and images folders would be in the public_html directory and then within the httpd.conf file I changed it so that a Users personal webpage would be found in Sites/personal/public_html and this took care of all vulnerabilities. Which means within the Sites folder a user would have these folders:

    personal/
    domain.com/
    another.com/

    etc etc

    And I am a happy sysadmin once again

    Thanks!

  4. #4
    Serious Vulnerability
    Graphite's Avatar
    Member Since
    Feb 25, 2003
    Location
    Tropical Island, Jealous?
    Posts
    5,279
    Specs:
    MacPro 3.0Ghz 16GB RAM, 4x256 Vid, 30''cinema display
    congrats man

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. FREAK vulnerability
    By dbm in forum Security Awareness
    Replies: 5
    Last Post: 03-04-2015, 08:58 PM
  2. ShellShock vulnerability?
    By fezopolis in forum OS X - Operating System
    Replies: 1
    Last Post: 10-18-2014, 11:59 AM
  3. MS Word vulnerability
    By MacInWin in forum Security Awareness
    Replies: 3
    Last Post: 03-25-2014, 05:12 PM
  4. Mac Vulnerability?
    By dziner in forum Apple Rumors and Reports
    Replies: 6
    Last Post: 01-26-2004, 04:45 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •