Strange behavior in access rigths

lilianb · 2006-12-19 13:56:53 UTC

Hi all,

I have two users with ftp/telnet access : A and B.
A is myself, B can be a temporary user.

I let B manage his directory using ftp. I offer him web access because of the remap subsir functionnality. BUT, I want to set up & lock his .htaccess in order control/limit his web.

So in his /home/Baccount/RemapSubdir/ I create my .htaccess and chmod it to 700 for example

then I test using B ftp account, B can delete this file with no problem. He only receives this strange question : remove write protected regular file ? and the file is deleted

.htaccess has A as user owner and groupAB as group owner

I miss something

gosh

system · 2006-12-19 17:33:57 UTC

The directory in which .htaccess resides is “owned” by user B, and user B has write permission to the directory; therefore, B can “evict” or delete files he doesn’t own from his property (directory).

–
They need more support help.
Pay me (and DreamHost gets 5%+$0.30) Cut the code: [color=#00CC00]9999=$99.99 Off[/color]

rehevkor5 · 2007-08-29 01:55:27 UTC

I am having a similar problem.

I have a directory called /restricted which has an .htaccess and an .htpasswd

Under that I have remapped subdirectories to different users, like /restricted/user1. I would like the .htaccess under the /restricted folder to apply to those subdirectories, but it does not. How do I get around this?

Lensman · 2007-08-29 03:27:56 UTC

When you say this, what exactly do you mean? Do you mean to say that you’ve remapped http://yourdomain.tld/restricted/user1/ to /user/user1/somedirectory?

Free unique IP and $67 off with promo code [color=#CC0000]LMIP67[/color] or use [color=#CC0000]LM97[/color] for $97 off. Click for more promo code discounts

rehevkor5 · 2007-08-29 03:28:55 UTC

Yes that’s exactly correct.

Lensman · 2007-08-29 03:37:04 UTC

Have you considered using symbolic links instead?

BTW, still thinking about why your original action didn’t work. I’m sure that someone else will pop up with the answer before I can figure it out.

Free unique IP and $67 off with promo code [color=#CC0000]LMIP67[/color] or use [color=#CC0000]LM97[/color] for $97 off. Click for more promo code discounts

Atropos7 · 2007-08-29 04:28:38 UTC

Remapped subdirectories actually use the Alias directive handled by mod_alias.

That said, Apache is mapping the URL to the new path before beginning the directory walk for .htaccess files. You could stick “deny from all” in the document root and the remapped subdirectory will still be accessible!

openvein.org -//- One-time [color=#6600CC]$50.00 discount[/color] on [color=#0000CC]DreamHost[/color] plans: Use ATROPOS7

rehevkor5 · 2007-08-29 04:43:12 UTC

::drool:: symlink does it perfectly! thanks!!

For anyone else looking at this, check out the “ln” command.