I configured fileman, so everyone can login using a single username/password (.htaccess) to upload/download file. Now, when they login, they automatically become the owner,creator of the file and entire directory structure. As a result, they can do all kind of scary things.

On the other hand, if I change the permission of the files from the Unix Level, they cannot upload or modify existing files.

Catch 22 situation.

Is there anyway to setup the authentication so I can resolve this problem?

Thanks

I do not want to use the "pass" option which can create a mess when 200 users create 200 passwords :((

I am not quite sure what you are trying to do. All files and directories are created with the same user ID as the script on the server, not by the user ID they use to log into Fileman. If you uploaded Fileman to www.somedomain.com as user somedomain, anything created in Fileman would be owned by user somedomain (or possibly ‘nobody’ – do a search here for nodody) no matter what they are logged in to Fileman as. This still causes problems if you allow people to upload and execute CGI files and you do not trust them.

Hope that helps.
~Chas

Yes as Piper said, the username given to them for .htaccess use is not assigned to the files they upload. The ownership of the files is determined by the level that fileman runs at (usually your ftp username when you uploaded the script).

Therefore they only have permission to do what your username has permission to do.

If you are not happy with that then create a new user with less privileges and change the ownership of fileman to that user.

Paul
Installations:http://wiredon.net/gt/
Support: http://wiredon.net/forum/