|
naughty user must be stopped
Hello,
This is a rather annoying problem but I hope there is a solution. I have a user on my server, whom I cannot just kick off, that insists upon setting up webpages which link to mp3s(also on the server). I have been pretty quick about catching him and setting things straight but I was hoping that there might be a more certain way that wouldn't require my constant attention. I have come up with a few ideas but none seem perfect: 1) make a script that searches the web server for *.mp3 and deletes them and then make it a cron job run every so often. 2) set the umask so no one can read files by default and since he doesn't know how to use linux very well he won't be able to access them. Ideally I would like something like umask but only for filenames that are formated a specific way, I know that he could simply rename them but I don't think it would occur to him. A solution that doesn't use a lot of server time when nothing needs to be fixed would also be good. Thanks! |
This might be more trouble than it's worth, but could you put him in a user group all by himself and put some serious restrictions on what that user can read or write?
|
can't you just fiddle around with the permissions on the mp3's and do as said above... create one group that can access the mp3's, and don't put him, or anybody else you don't want to get to the mp3's in a different group?
|
If you have a set of rules for this server, post them. After so many times when they break it, ban them from the system after giving them warnings. If they know they aren't suppose to put mp3's on the server, let them know they will lose access to it.
|
You have to become drunk with power, proper UNIX administration is all about machiavellian tactics. Cronjobbing a Chmod'ding of his files 700 would do the trick, but confound him and give him a reason to fiddle with things that might lead to a bigger headache. You gotta let him know he's messing with powers that be. For instance, at the college where I work we have 20, 50 or 100 MB quotas on our generic university accounts. One of the ways to dodge this for a semester or so was to drop things in /tmp where they wouldn't get cleared out for a while. It was cute, we could stuff a couple hundred megs there and feel like we were getting away with something. One joker though started abusing the heck out of it; directories full of gigs of goop... one day he found all of his files still there, still the same size with the same file names, but every file was just the sentence "Stop abusing temp space" repeated over and over in plain text.
What I'm wondering is why you can't just bounce this guy? If I'm not being to nosy. I don't know, maybe replacing every mp3 he puts up with the exact same Bob Dylan tune over and over again but leave the file names the same? Cheers, Finegan |
sharper - I don't know of a way that you can make files with specifically formated file name have different permissions when they are UPLOADED to the server. If I could do this then I wouldn't need to make a specific group but your solution only works if I can do that first. Thanks though.
adam_boz - The files are uploaded by him so I would have to run a cron job to find the files then change their permissions, which is what I already figured out. Thanks though. trickykid - I can't ban him. There are very complex reasons for this but the easiest way to put it is say: he partly owns the server but chooses not to follow the rules that have been posted. I am trying to find a way to make it not worth his time to go against the rules. Basically he can't complain that he can no longer break the rules if I find a solution. finegan - your suggestions are along the lines I was thinking but still require running some cron job that changes things around on him, which might be the only solution, but I was hoping that someone might have a less processor intensive solution. Thanks for the suggestions! |
well if all he is doing is doing http transfers, you can put in a mime type in apache and point it over to /bin/true
that *might* work, it might not, but it would be nifty if it did. |
|
RijilV - That seems like a really good idea, I will try it out when I get a chance. I will post the results. Thanks!
markus1982 - I am worried about his http sharing the files, I don't run ftp because it is insecure. Thanks though. |
Couldn't you just add an extra process in the upload script, so when he uploads files to his dir and larger than say 1.5 megs and/or with mp3 extension they'll get uploaded but automagically truncated?
That way he would be doing the cleaning up himself :-] |
I meant with the FTP stuff that you block him at THE SERVER LEVEL = BEFORE stuff gets spread at all ... that's the idea behind it. If you want to block him at the HTTP level check out the Files-Directive!
Like to deny access to all file starting with .ht* u'd use something like: Quote:
|
markus1982 - Ah! I miss-understood you, that is exactly what I want. Someone had suggested something similar. Thanks!
|
Arg! I read up on <FilesMatch> and added the below code to my httpd.conf file:
<FilesMatch "\.(?i:mp3|wma)$"> Order allow,deny Deny from all </FilesMatch> I restarted httpd and I could still dl mp3s and wmas. I tried a few different formats thinking that might be the problem but nothing worked. I even rebooted the server. Maybe I should try <File> does anyone know when <FilesMatch> was implemented? Perhaps my version is too old(I hope not). Thanks for all the help! |
If it would be invalid you'd get an error and would not be able to startup apache at all! As far as I know apache v2 and apache v1 have different opportunities here ...
Quote:
Code:
# apache v1 |
I'm running apache v1 and well I get (in the error log)
[Tue Nov 19 22:27:46 2002] [error] [client xxx.xxx.xxx.xxx] client denied by server configuration: /server/apache/htdocs/download/1.mp3 So as you can see it works flawlessly ... |
| All times are GMT -5. The time now is 01:44 PM. |