private
" to web
private
" to "web"
2006/08/26
/usr/web/bin/rc/webm
webm
is a script that enables Pegasus to work:
In $web/etc/handler
# path mimetype hctl execpath arg ... /private/*/index.html text/html 0 /bin/webm $targetwhere
/private
is a directory that allows webm
to be used.
Of course the directory should be protected from the unauthorized accesses by both HTTP client and system users.
Protection from HTTP client is easy. Password file "$web/etc/passwd
" will resolve the problem.
Protection against system user is somewhat difficult.
private
" to webd-rwxrwx--- alice web ..... privatethen "
private
" is protected against system users. We have two disadvantages:chgrp web private
".private
", because these files are created by httpd and their access mode will be as follows:--rwxrwx--- web web ..... private/fooThen alice can access these file only via httpd.
private
" to "web"d-rwxrwx--- web alice ..... privatethen "
private
" is protected against system users. We have a disadvantage:chgrp -u web private
"./adm/users
":alice1:alice1:alice:webThen giving access mode below to "
private
" will resolve the problem.d-rwxrwx--- alice alice1 ..... privateThe deficiency is in that alice must ask her system administrator to create a group "alice1", but this is only once. Someone might feel this solution is ugly because new group name is introduced only for "web".
d-rwxrwx--- alice web ..... /usr/alice/webThen
chmod 777 privateis enough.
/usr/alice/web
".