From owner-freebsd-questions@FreeBSD.ORG  Mon Mar 10 12:14:08 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 8F71A460
 for <freebsd-questions@freebsd.org>; Mon, 10 Mar 2014 12:14:08 +0000 (UTC)
Received: from uk1rly2283.eechost.net (uk1rly2283.eechost.net [217.69.47.236])
 by mx1.freebsd.org (Postfix) with ESMTP id 56D8A8E
 for <freebsd-questions@freebsd.org>; Mon, 10 Mar 2014 12:14:07 +0000 (UTC)
Received: from [31.186.37.179] (helo=smtp.marelmo.com)
 by uk1rly2283.eechost.net with esmtpa (Exim 4.72)
 (envelope-from <steve@sohara.org>)
 id 1WMysK-0001ek-0Y; Mon, 10 Mar 2014 12:00:08 +0000
Received: from [192.168.63.1] (helo=steve.marelmo.com)
 by smtp.marelmo.com with smtp (Exim 4.82 (FreeBSD))
 (envelope-from <steve@sohara.org>)
 id 1WMyri-0002yB-B1; Mon, 10 Mar 2014 11:59:30 +0000
Date: Mon, 10 Mar 2014 11:59:29 +0000
From: Steve O'Hara-Smith <steve@sohara.org>
To: "BONNET, Frank" <frank.bonnet@esiee.fr>
Subject: Re: ACL questions
Message-Id: <20140310115929.eb304369181268388c84b851@sohara.org>
In-Reply-To: <CA+7qukxY4XZZr3oWjzpnL+g6taNkbMd7pOHUDegORAmK6RrvgA@mail.gmail.com>
References: <CA+7qukxY4XZZr3oWjzpnL+g6taNkbMd7pOHUDegORAmK6RrvgA@mail.gmail.com>
X-Mailer: Sylpheed 3.3.0 (GTK+ 2.24.22; amd64-portbld-freebsd9.1)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Auth-Info: 15567@permanet.ie (plain)
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Mar 2014 12:14:08 -0000

On Mon, 10 Mar 2014 12:51:50 +0100
"BONNET, Frank" <frank.bonnet@esiee.fr> wrote:

> Hello
> 
> I have ACL question , for internal purpose I need to let some users access
> to their home directory
> through the WEBDAV protocol with RW access rights.( apache22 )
> 
> Authentication is done with LDAP and works fine
> 
> As the webdav processes are owned by the "www" user it cannot access to
> the user's homedir
> 
> Is it possible to add an ACL to the users's homedir  to give the www user
> RW access to the homedir ?
> 
> I KNOW this is a security risk , this is just a test for now on a small
> set of users
> 
> Any other solutions welcome :-)

	Would a www writable subdirectory do instead of giving full access
to the home directory. It would be simple and safer.

-- 
Steve O'Hara-Smith <steve@sohara.org>