I notice that the program is set up to not allow non-admin users access to their websites. Just a thought, is it possible to make it so that these users can have access to their directories and below? Basically, I give my friends access to webspace but I don't want them having access to my entire site so I don't make them admins but I wanted them to be able to upload their graphics.
Jan 24, 2002, 5:25 PM
Administrator (9387 posts)
Jan 24, 2002, 5:25 PM
Post #2 of 6
Views: 4391
Hi,
What directory do you limit them access to? Is it the same for all users? If you can give me some examples, I can see what we can do.
Cheers,
Alex
--
Gossamer Threads Inc.
What directory do you limit them access to? Is it the same for all users? If you can give me some examples, I can see what we can do.
Cheers,
Alex
--
Gossamer Threads Inc.
Jan 24, 2002, 5:47 PM
New User (4 posts)
Jan 24, 2002, 5:47 PM
Post #3 of 6
Views: 4400
I've given accounts on http://www.webstylists.com/ to several friends of the type to where someone with a username of "testuser" would have a root domain name of http://www.webstylists.com/~testuser/
Through FTP the user "testuser" has the directory of /home/sites/site4/users/testuser/ while their web directory is /home/sites/site4/users/testuser/web/ (basically the same way a site administrator is but only having access underneath their account.)
I had found out how you left notes about commenting out a few lines to let non-admins use the program which is great and I notice it's good about not letting non-admins upload or get files from places they shouldn't but it's kindof confusing because they have to traverse the directory structure to find their home directory. If it made /home/sites/site4/users/testuser/ the root directory automatically then it would do exactly what I was looking for it to do.
I guess the way to do the check would be: If the user is the administrator, account root the default root and don't let the user go any higher (eg /home/sites/site4/). If the user is not an administrator then go to that users default directory and don't let them go any higher (eg /home/sites/site4/users/testuser/).
Jan 24, 2002, 5:56 PM
Administrator (9387 posts)
Jan 24, 2002, 5:56 PM
Post #4 of 6
Views: 4382
Thanks, we'll see what we can do. Should be pretty easy, just a matter of changing $root_dir to the users web directory instead of the site admins directory.
Cheers,
Alex
--
Gossamer Threads Inc.
Cheers,
Alex
--
Gossamer Threads Inc.
Jan 24, 2002, 6:10 PM
New User (4 posts)
Jan 24, 2002, 6:10 PM
Post #5 of 6
Views: 4385
Exactly, though I wouldn't complain if you passed it to the actual user directory (/users/testuser/) rather than the user's web directory (/users/testuser/web/) and either way it's important that the user be able to manipulate files in /users/testuser/ because if they have scripts they would logically write datafiles to /users/testuser/ and directories underneath that.
Thanks for such an awesome program!
Jan 29, 2002, 2:54 PM
New User (4 posts)
Jan 29, 2002, 2:54 PM
Post #6 of 6
Views: 4382
I got it to work by changing the section:
Code:
# This checks to see if the logged in user is in the group that owns the home directory (typically # sitenn). If you want to allow non site admins to use this tool, you can either add them individually
# to the group, or comment out the following lines.
my $dir_gid = (stat($root_dir))[5];
my ($gr_name, $gr_passwd, $gr_gid, $members) = getgrgid($dir_gid);
unless ($members =~ /$ENV{REMOTE_USER}/) {
die sprintf ($GT::FileMan::Commands::LANGUAGE{COBALT_BADGROUP}, $root_dir, $ENV{REMOTE_USER}) . "\n";
}
to:
Code:
# This checks to see if the logged in user is in the group that owns the home directory (typically # sitenn). If you want to allow non site admins to use this tool, you can either add them individually
# to the group, or comment out the following lines.
my $dir_gid = (stat($root_dir))[5];
my ($gr_name, $gr_passwd, $gr_gid, $members) = getgrgid($dir_gid);
unless ($members =~ /$ENV{REMOTE_USER}/) {
$root_dir = $root_dir . "/users/" . $user;
}
This is on a Raq 4i, don't know how it would work on other systems, this is mostly to give an idea of one way it could be done (I've tested it a bit, don't know how secure it is, hopefully I don't find out.