Koozali.org: home of the SME Server

Web Pages for Users

Offline Jáder

  • *
  • 1,099
  • +0/-0
    • LinuxFacil
I can do alpha/beta tests
« Reply #15 on: September 08, 2006, 05:15:14 PM »
Hi

I have one configurated SME7 server (using to test SEVERAL things: Hylafax  &winmodem, YUM, byRequest to my Tivo...) so I can do ANY tests you like.
Just let me know: jader.marasca A_T gmail

Jáder
...

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: I can do alpha/beta tests
« Reply #16 on: September 08, 2006, 08:33:02 PM »
Quote from: "jader"
Hi

I have one configurated SME7 server (using to test SEVERAL things: Hylafax  &winmodem, YUM, byRequest to my Tivo...) so I can do ANY tests you like.
Just let me know: jader.marasca A_T gmail

Jáder


yes , can you try the rpm I just make :)

This evening i will do a new release that will create the correct html folder for existing users.
change 755 CHMOD of user directory to 701 that is sufficient, and the html folder to 705.

I am searching a way to secure the personal data that are in the username/home directory

Offline byte

  • *
  • 2,183
  • +2/-0
Re: I can do alpha/beta tests
« Reply #17 on: September 08, 2006, 08:38:48 PM »
Quote from: "unnilennium
I am searching a way to secure the personal data that are in the username/home directory


In this section...

$result .= "\\n";
$result .= "#-------------------------------------------------------\\n";
$result .= "#Generic user dir access directive\\n";
$result .= "#-------------------------------------------------------\\n";
$result .= "<Directory /home/e-smith/files/users/*/home/public_html>\\n";
$result .= "SSLRequireSSL on\\n";
$result .= " AllowOverride FileInfo AuthConfig Limit\\n";
$result .= " Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec\\n";
$result .= " <Limit GET POST OPTIONS PROPFIND>\\n";
$result .= " Order allow,deny\\n";
$result .= " Allow from all\\n";
$result .= " </Limit>\\n";
$result .= " <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>\\n";
$result .= " Order deny,allow\\n";
$result .= " Deny from all\\n";
$result .= " </Limit>\\n";
$result .= "</Directory>\\n";

Why not add an SSLRequireSSL see in red, not sure it's in right place as I've not had a chance to test.
--[byte]--

Have you filled in a Bug Report over @ http://bugs.contribs.org ? Please don't wait to be told this way you help us to help you/others - Thanks!

Offline Jáder

  • *
  • 1,099
  • +0/-0
    • LinuxFacil
where is the RPM / tar.gz ??
« Reply #18 on: September 08, 2006, 08:45:40 PM »
I´m serious... I have a spare server... for a couple of days... so just point me to the tgz/rpm file and I´ll try it to you.
(I can also build an RPM... already have done this ONCE before and I´m a brave soul!)

Jáder
...

Offline byte

  • *
  • 2,183
  • +2/-0
Web Pages for Users
« Reply #19 on: September 08, 2006, 08:53:31 PM »
Quote from: "unnilennium"

here is the first SME7 release http://www.pialasse.com/RPMS with the sources

read the txt=> i have automatized some task that you had to do manually with the old version


Jader it's in his post already as an rpm.

Quote

PS:is there a way to upload the work on a contribs.org directory ?


Send an email to staff
  • contribs [dot] org
--[byte]--

Have you filled in a Bug Report over @ http://bugs.contribs.org ? Please don't wait to be told this way you help us to help you/others - Thanks!

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: I can do alpha/beta tests
« Reply #20 on: September 08, 2006, 09:01:38 PM »
Quote from: "byte"

$result .= "SSLRequireSSL on\\n";
Why not add an SSLRequireSSL see in red, not sure it's in right place as I've not had a chance to test.


it could be another good thing to add, but that's not what i was meaning.

in fact with the configuration that i found in the initial rpm : all the users directory are chmod to 755 and keep chown "user":"user" =>so all the users will be able to see what is in the directory of the others, (unable to write, but able to steal personal information)

so there's two solutions
1- changing the spot of the public_html folder
2- chown every users folder to user:www with chmod 710 and ~/public_html chmod to 770

I think the second solution is good , any ither suggestions ?

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Web Pages for Users
« Reply #21 on: September 09, 2006, 01:38:06 AM »
hello ,

finally a new release:

now the only thing to do is to put your HTML into the public folder to view your personnal webpages.

http://www.pialasse.com/RPMS/smeserver-user-webspace-0.1-5.SME7.noarch.rpm

Changes from 0.1-4:
all old users have a new public_html folder (if does not already exist) all rights are given to folders for apache work.

known issues:
http://server/~user is accessible for new users , but  http://server/user need an expand-template /etc/httpd/conf/httpd.conf; service httpd-e-smith restart to be accessible.


__________________________________________________________


As now the discussion is about a contrib I suggest YOU to continue here :
http://forums.contribs.org/index.php?topic=33660.msg143772#msg143772

Dacky

Web Pages for Users
« Reply #22 on: October 02, 2006, 04:13:04 PM »
Thanks for the hard work.  I got this to work on my older server.  I am now setting up one for our school for the real thing.  

Problem:  If a person copies a file over from the desktop to the public_html folder in their ftp folder, and then someone tries to access, there is a "Forbidden" message.  It is a permission thing.  The file uploaded reads -rw-rw----.  I know how to change the permission of this (755) and then it works, but all my students will not nor will they have shell access to their folders.  Any idea of an easy way to make sure all files uploaded will be 755 or at least readable?  Or another way to get around the permission thing?  I don't want to chmod every file for every user!  The user owns the public_html folder.

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Web Pages for Users
« Reply #23 on: October 02, 2006, 10:31:40 PM »
need to release a fix, but not enough time to test it for the moment...

it seems that i have secured a little more that i should...

Dacky

Web Pages for Users
« Reply #24 on: October 05, 2006, 02:18:38 AM »
I've done some searching in past forums and found that this was a problem a few years ago.  It appears to be a permission problem either in samba or ftp.  As the files are uploaded into the public_html folder, they are rw-rw---, and therefore unaccessible to people.  Some options I came across:

1.  Have an automated script change the permissions of the folders every 5 minutes.  I could not find this script on the linked website.
2.  The default permissions for files created via Samba should be directory 755 and file 644. This can be changed in /etc/e-smith/templates-custom/etc/smb.conf/50homes.
3.  Change proftp.conf file to include
AllowOverwrite on
Umask 022

I have not worked with these programs too much so don't know the scripts.  I have not tried any of these yet.  Do any of these options sound reasonable?  Can the best option be incorporated into the automated script?

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Web Pages for Users
« Reply #25 on: October 05, 2006, 01:33:53 PM »
i was thinking about the cron job solution : i can post you a script this evening (europe time)

JP

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Web Pages for Users
« Reply #26 on: October 05, 2006, 11:37:15 PM »
here is it:
past e this code in a file
Code: [Select]

        ls -1 /home/e-smith/files/users/ >/tmp/listeusers
        cat /tmp/listeusers|while read line
        do
            if [ "admin" !=  "$line" ]
            then
chown -R $line:www  /home/e-smith/files/users/$line/home/public_html
                chmod -R 2770 /home/e-smith/files/users/$line/home/public_html

            fi
        done


then add  a cron job that call this script every 10 or 30 minutes

Dacky

Web Pages for Users
« Reply #27 on: October 06, 2006, 03:08:03 AM »
Thanks,
This is coming along nice now.  One more icing on the cake.  How do I enable dynamic web pages with php?  I can't seem to get a php script to work on a web page.  Looking at the httpd.conf file, I am trying to figure this out.  I came up with a template script but can't get it to cooperate (first attempt at something this complicated).  I am basing this on what I saw in an ibay I created that has dynamic enabled.  This would be something like 94UserWebPhp in the httpd.conf in the template-custom.  I suspect the error is in the first part:

    {
        use esmith::AccountsDB;
        my $accounts = esmith::AccountsDB->open_ro();
        foreach my $accounts
        {
                $OUT .= "\n<Directory /home/e-smith/files/users/" . $accounts . "/home/public_html>\n";
                $OUT .= "        AddType application/x-httpd-php .php .php3 .phtml\n";
                $OUT .= "        AddType application/x-httpd-php-source .phps\n";
                $OUT .= "        php_admin_value open_basedir /home/e-smith/files/users/" . $accounts . $
                $OUT .= "        Options None\n";
                $OUT .= "        Options +Indexes\n";
                $OUT .= "        Options +Includes\n";
                $OUT .= "        AllowOverride None\n";
                $OUT .= "        order deny,allow\n";
                $OUT .= "        deny from all\n";
                $OUT .= "        allow from all\n";
                $OUT .= "    </Directory>\n";
        }
}

Dacky

Web Pages for Users
« Reply #28 on: October 06, 2006, 03:05:02 PM »
I figured out the following script that let my php linked page appear.  I made this a template for /etc/httpd/conf/httpd.conf.

94UserWebPhp

{
        use esmith::AccountsDB;

        $OUT = "";
        my $accounts = esmith::AccountsDB->open;
        my @users = $accounts->users;

        foreach my $user (@users)
        {
                $OUT .= "\n<Directory /home/e-smith/files/users/".$user->key."/$
                $OUT .= "    AddType application/x-httpd-php .php .php3 .phtml\$
                $OUT .= "    AddType application/x-httpd-php-source .phps\n";

                # Set the sandbox within which PHP is confined to play
                my $basedir = $user->prop('PHPBaseDir')
                    || ("/home/e-smith/files/users/" . $user->key . "/");
                $OUT .= "    php_admin_value open_basedir $basedir\n";
                $OUT .= "</Directory>\n";
        }
}

trolljanz

Web Pages for Users
« Reply #29 on: October 12, 2006, 12:40:43 AM »
Hi,


I'm completely dumb about linux, so as minor as the task looks, for me its something completely  new. So please bare with me.


I've successfully :

installed the rpm,

created a user,

upload website via ftp

change th chmod via command line

# chown -R rqb:www  /home/e-smith/files/users/rqb/home/public_html
# chmod -R 2770 /home/e-smith/files/users/rqb/home/public_html


now I want too to enable php, just like ibays do?

So could you explain step by step how to do it?

Cheers

Tiago Janz