[gollem] prevent user from accessing others files
Andy Dorman
adorman at ironicdesign.com
Sun Aug 10 23:06:10 UTC 2014
On 08/10/2014 04:09 PM, Per olof Ljungmark wrote:
> Hi,
>
> What should be changed in this configuration to contain users in their
> home directory without access to '/' ?
>
> $backends['file'] = array(
> // Disabled by default
> 'disabled' => false,
> 'name' => 'Virtual Home Directories',
> 'driver' => 'file',
> 'hordeauth' => true,
> 'params' => array(
> // The base location under which the user home directories live.
> 'vfsroot' => '/usr/home/horde/vfs',
> // The default permissions to set for newly created folders and
> files.
> 'permissions' => '700'
> ),
> 'loginparams' => array(),
> 'root' => '/',
> 'home' => $GLOBALS['registry']->getAuth(),
> // 'createhome' => false,
> // 'filter' => '^regex$',
> // 'quota' => false,
> 'shares' => false,
> 'attributes' => array(
> 'type',
> 'name',
> 'share',
> 'edit',
> 'download',
> 'modified',
> 'size',
> 'permission'
> )
> );
>
> Thank you,
>
> //per
>
In your backends.local.php set the root level to be the same as their
/home directory. A user can not go to a directory below the root.
We use sqlhome. The default setup looks like this in backends.php
$backends['sqlhome'] = array(
...
'root' => '/home',
'home' => '/home/' . $GLOBALS['registry']->getAuth(),
...
And we change the root in backends.local.php
$backends['sqlhome']['root'] = '/home/' . $GLOBALS['registry']->getAuth();
--
Andy Dorman
More information about the gollem
mailing list