On Thu, 2010-08-12 at 16:44 +0200, roland wrote: > Someone who will install a website on the server. So I thought to give > him a login and config apache to read the dir in his home dir. > He has to upload the files for this site. So I won't him to see only > his home dir. So, if someone else is going to install the serving software, they'll only need to be able to upload files to their workspace, not needing full access to the computer. Though they might, to configure the server. It depends on whether you provide them with an interface for that, or direct access. Moderately risky, more so if you let them install scripts, even more so if it can send emails. But not too hard to secure something like that. You want to learn what the common exploits are, so you can understand securing it, and competently test that you've succeeded. Lots of web hosts around the planet do something similar. Run Apache on some Linux or Unix, give their customers FTP access (or another file transfer scheme) to upload their pages, and use something like CPanel to let them customise their use of the webserver. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
