[gollem] user can read all dirs

Markus Krause krause at biochem.mpg.de
Wed Apr 9 16:45:14 PDT 2003


Am Mit, 2003-04-09 um 17.33 schrieb Chuck Hagenbuch:
> Quoting Markus Krause <krause at biochem.mpg.de>:
> 
> > i'd like to use gollem with "Virtual Home Directories".
> > i created the directory /var/www/horde-vfs-home, there i created all the
> > dirs for the users (with chmod 700). if i choose "file manager" in the
> > menu, then "virtual home directories" from the server pull-down menu i
> > get to the right dir (/var/www/horde-vfs-home/<user>). but from there i
> > can go up one directory and reach /var/www/horde-vfs-home, where all
> > user dirs are listed an are accessable! how can i prevent this?
> 
> Tell us how you've configured gollem/config/backends.php and we can tell you
> how to fix it.
> 
> -chuck
first thanks for your fast response!

ok, you can find it atached my gollem/config/backends.php to this email.
iirc the things i changed:
- emptied all ftp-server entries
- edited $backends['file']

btw: is it possible to switch directly to the "virtual home directories
page" without selecting an ftp-server (because i do not have another)

	markus
-------------- next part --------------
<?php
/**
 * $Horde: gollem/config/backends.php.dist,v 1.12 2003/02/27 21:32:07 chuck Exp $
 *
 * This file is where you specify what backends people using your
 * installation of Gollem can log in to. There are a number of properties
 * that you can set for each backend:
 *
 * name: This is the plaintext, english name that you want displayed
 * to people if you are using the drop down server list.
 *
 * driver:    The VFS (Virtual File System) driver to use to connect. Valid 
 *            options are 'ftp' to connect to an ftp server. 'file' to work 
 *            with a local file system. 'sql' for sql back VFS.
 *
 * preferred: This is only useful if you want to use the same backend.php
 *            file for different machines: if the Hostname of the Gollem
 *            Machine is identical to one of those in the preferred list,
 *            then the corresponding option in the select box will include
 *            SELECTED, i.e. it is selected per default. Otherwise the
 *            first entry in the list is selected.
 *
 * hordeauth: If this parameter is present and true, then Gollem will attempt
 *            to use the user's existing credentials (the username/password
 *            they used to log in to Horde) to log in to this source. If this
 *            parameter is 'full', the username will be used unmodified; otherwise,
 *            everything after and including the first @ in the username will be
 *            stripped off before attempting authentication.
 *
 * params:    A params array containing any additional information that the
 *            VFS driver needs.
 *
 * home:      The directory that will be used as home directory for the user.
 *            This parameter will overrule a home parameter in the params 
 *            array.
 *
 * root:      The directory that will be the "top" or "root" directory. This 
 *            is in addition to a vfsroot parameter set in the params array.
 */

$backends['ftp'] = array(
    'name' => 'FTP Server',
    'preferred' => '',
    'driver' => 'ftp',
    'params' => array('hostspec' => '',
                      'port' => 21)
);

// This backend uses Horde credentials to automatically log in.
$backends['hordeftp'] = array(
    'name' => 'FTP Server',
    'driver' => 'ftp',
    'preferred' => '',
    'hordeauth' => true,
    'params' => array('hostspec' => '',
                      'port' => 21)
);

$backends['sql'] = array(
    'name' => 'SQL Server',
    'driver' => 'sql',
    'preferred' => '',
    'params' => array('phptype' => 'mysql',
                      'hostspec' => 'localhost',
                      'database' => 'horde',
                      'username' => 'horde',
                      'password' => 'horde',
                      'table' => 'horde_vfs'),
);

// This backend specifies a home directory and root directory in a SQL
// vfs.
$backends['sqlhome'] = array(
    'name' => 'SQL Server with home',
    'driver' => 'sql',
    'preferred' => '',
    'params' => array('phptype' => 'mysql',
                      'hostspec' => 'localhost',
                      'database' => 'horde',
                      'username' => 'horde',
                      'password' => 'horde',
                      'table' => 'horde_vfs'),
    'root' => '/home',
    'home' => '/home/' . Auth::getAuth(),
);

// NOTE: /usr/local/data/home and all subdirectories should be, for
// security reasons, owned by your web server user and mode 700 or you
// will need to use suexec or something else that can adjust the web
// server effective uid.
$backends['file'] = array(
    'name' => 'Virtual Home Directories',
    'driver' => 'file',
    'preferred' => 'voodoo.biochem.mpg.de',
    'params' => array('vfsroot' => '/var/www/horde-vfs-home/',
                      'home' => Auth::getAuth())
);


More information about the gollem mailing list