Hello List,

a question to mod_dav. Some providers offer mod_dav to edit files which are
also editable/writeable by ftp-user?
In most cases ftp-users/apacheuser are different to avoid security problems.
Whats the trick to make this possible without security risk?
could imagine a special user/group setup but all my solutions result in
securityproblems by to much readability.

Thanks,
Hajo


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd.apache.org
" from the digest: users-digest-unsubscribe [at] httpd.apache.org
For additional commands, e-mail: users-help [at] httpd.apache.org

----- "Hajo Locke" <hajo.locke [at] gmx.de> wrote:

> Hello List,
>
> a question to mod_dav. Some providers offer mod_dav to edit files
> which are
> also editable/writeable by ftp-user?
> In most cases ftp-users/apacheuser are different to avoid security
> problems.
> Whats the trick to make this possible without security risk?

It's not so much a trick.. You reverse-proxy DAV (write) requests to a
back-end which is running on an unprivileged port, as an unprivileged
user, who has the permission to do writes on the FS.

> could imagine a special user/group setup but all my solutions result
> in
> securityproblems by to much readability.
>
> Thanks,
> Hajo
>

bye,
i

--
Igor Gali=C4=87

Tel: +43 (0) 664 886 22 883
Mail: i.galic [at] brainsware.org
URL: http://brainsware.org/

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd.apache.org
" from the digest: users-digest-unsubscribe [at] httpd.apache.org
For additional commands, e-mail: users-help [at] httpd.apache.org