|
Grex > Coop11 > #111: Enabling Directory Listings in User's Web Directories | |
|
| Author |
Message |
janc
|
|
Enabling Directory Listings in User's Web Directories
| 
Jul 10 20:41 UTC 1999 |
This is kind of an obscure/minor point, but the issue came up and staff
thought it might as well have some public discussion.
Grex allows people to create web directories for themselves. Normally
one would create an index.html file in each directory which would be
displayed if access the directory without specifying a file (eg, if you
hit http://www.grex.org/~janc/ then you see the (boring) contents of
/a/j/a/janc/www/index.html. The question at issue is what happens if
there is no index.html file in a web directory, and someone tries to
access the directory. Two options are common:
(A) You get a directory list, listing names, last modification dates,
and sizes of files in the directory. Clicking on a file name
displays the file.
(B) You get an error.
Grex is currently configured for option B. The thought was that option
A, though common, is not an intuitively expected behavior.
Some people have wondered if we should turn this on. Staff generally
didn't seem to give a darn one way or the other.
|
| 38 responses total. |
other
|
|
response 1 of 38:
|
Jul 11 08:15 UTC 1999 |
as srw pointed out to me in his response to my email on the topic back in
february, someone could create an account and log on and look at the contents
of a user's www directory, so why not permit them to look at the contents of
that directory without creating another account?
|
mdw
|
|
response 2 of 38:
|
Jul 11 08:40 UTC 1999 |
Why not make a link to /etc ?
|
jerome
|
|
response 3 of 38:
|
Jul 13 14:11 UTC 1999 |
One nice feature of option (A) is that if one forgot/mistyped/whatever a
specific web page then they can traverse the directory tree to find it
("Oh, it's '.../foo42.txt', I thought it was '.../foo.txt'").
It's also nice that if there isn't an index.html or if the user specified
a certain subdirectory (that exists), then they at least get _something_
instead of "404", which may help them find what they were looking for.
I think enabling this feature would be a Good Thing.
|
dpc
|
|
response 4 of 38:
|
Jul 13 14:14 UTC 1999 |
Me, too. I hate for people to get an error message when they
try to do something.
|
nestene
|
|
response 5 of 38:
|
Jul 13 14:52 UTC 1999 |
Would option A allow people to look at everything under ~nestene,
or only the contents of ~nestene/www ?
|
jep
|
|
response 6 of 38:
|
Jul 13 15:31 UTC 1999 |
You could only see the user's public_html directory, right? Not their
home directory.
|
janc
|
|
response 7 of 38:
|
Jul 13 16:49 UTC 1999 |
You could normally only see things under their "www" subdirectory (which
is what "public_html" is called on Grex).
Things get mildly more interesting if people put symbolic links in their
www directories, like, say a link to "/". If we configured Apache to
follow symbolic links in those directories (which we probably wouldn't)
then they could view any publically readable file or directory on Grex.
Of course, they can also do that by telnetting in, so that's probably no
big deal either.
|
albaugh
|
|
response 8 of 38:
|
Jul 13 19:12 UTC 1999 |
Stick with option B. People have no business snooping, even if by accident,
in others' file directories. If the owner wanted the user to see the contents
of the directory, he could prepare an index.html or some other file for that
purpose.
|
lilmo
|
|
response 9 of 38:
|
Jul 13 21:59 UTC 1999 |
I'm inclined to agree with albaugh, unless there's some pressing reason to
go the other way. If I don't have a www directory, would anyone on the web
be able to see anything in my directories?
|
mdw
|
|
response 10 of 38:
|
Jul 14 04:25 UTC 1999 |
Yes.
|
janc
|
|
response 11 of 38:
|
Jul 14 05:13 UTC 1999 |
No.
|
mdw
|
|
response 12 of 38:
|
Jul 14 05:52 UTC 1999 |
Yes. All you would need do is visit
http://www.cyberspace.org/~mdw/root/a/l/i/lilmo
Now, you *could* argue that perhaps I shouldn't have a symlink to root
in my www directory, but the fact is, I didn't use any special
permissions to make it, so anyone could make this, so if we turn the
directory option on, we ought to be willing to publish everyone's home
directory in just this fashion. Or, even better yet, perhaps we should
set it up so that http://www.cyberspace.org/everything/a/l/i/lilmo works
and we don't need to worry about search engines discovering 6 different
paths to everything on grex.
|
scg
|
|
response 13 of 38:
|
Jul 14 06:44 UTC 1999 |
Apache can be set not to follow symlinks.
|
fungster
|
|
response 14 of 38:
|
Jul 14 06:56 UTC 1999 |
I agree with Marcus. Yes. Let's say that I have a group of files
available under http://www.cyberspace.org/~fungster/naotw, like
when I was publishing News Articles of the Week. Each NAOTW file
is individually numbered. I could have had a link on the main
NAOTW page to www.grex.org/~fungster/naotw/archive to the
individual file, which are all named under a date scheme, but
because of the current configuration, I have to make a page
with the links to them, which actually uses up more bandwidth
than it would option A.
|
mdw
|
|
response 15 of 38:
|
Jul 14 11:34 UTC 1999 |
I think symlinks are more valuable than auto-opening directories.
|
janc
|
|
response 16 of 38:
|
Jul 15 02:10 UTC 1999 |
Why? Symlinks would probably be turned off only for users' www
directories, not for system directories. I don't think a lot of users
have any compelling need for symlinks.
The bigger problem with turning symlinks off is that doing so means
Apache must check every directory in the path name to see if it is a
symlink, and this can be a bit slow. That's the main reason we
currently have them enabled. However, if the symlinks were turned off
only in the user directories, it would check only the part of the path
name below the user's www directory, which normally isn't much.
|
mdw
|
|
response 17 of 38:
|
Jul 15 11:38 UTC 1999 |
I don't think users have any compelling reasons for auto-opening
directories either. For users who can't be bothered to write one by
hand, we could supply a trivial program to make one, and it's a *lot*
more efficient to run that program once and save the results to disk,
than to waste the CPU each time to construct the same thing.
I also don't necessarily think it's a *problem* if we make everything on
the user filesystems by default published to the web world. After all,
anyone who really wanted, could just take out & account and look right
now. I just don't think we should try to pussy-foot around this; either
we should decide "yup, users are responsible for deciding what they want
to publish", and not have auto-opening directories, or we should decide
that "grex is going to make it easy for users to publish", and not
bother pretending that some parts of the filesystem are "published" and
some are not.
|
janc
|
|
response 18 of 38:
|
Jul 16 03:19 UTC 1999 |
I don't have any strong opinions one way or the other about whether
directory listings should be turned on or not. I don't have any strong
opinions about whether symbolic links should be followed if they are
turned on.
|
steve
|
|
response 19 of 38:
|
Jul 19 15:06 UTC 1999 |
Given the general level of inexperience that many people now have when
setting up web pages (here and elsewhere) I can see that showing the dir
of the person who didn't quite see how to do things might result in the
displaying of files that the user didn't mean to show. Yes, anyone on
Grex would have access to whatever those files were, but by making them
accessable on the web they have a far greater audience then if it were
limited to Grex.
Therefore I'd think that option B makes the most sense for Grex.
|
remmers
|
|
response 20 of 38:
|
Jul 22 02:02 UTC 1999 |
My druthers would be to have both directory listings and symlinks
enabled, on the grounds that I can think of reasonable uses for
both features, and that enabling them will not allow people to
see any files and directories that they can't already see when
they telnet or direct-dial in.
Speaking from personal experience, I've used the symlink feature
(to make a file that's not in my web directory visible via the
web) and the directory-listing feature (not on Grex, to make a
group of related files available over the web without the hassle
of having to maintain an index file). Not having those features
available would make things somewhat less convenient for me.
And if they're useful to me, they're no doubt useful to other
people too.
The Grex philosophy has always been that we keep the system as
open as possible, depermitting features only when permitting them
proves to be a significant problem. We do a modest amount of
protecting the users from themselves -- e.g. not making people's
mail files and directories world-readable -- but aside from that
protecting a user's files is basically that user's responsibility.
Why should we have a different philosophy from that for web access?
If you think about it, saying that directory listings shouldn't
be enabled because the feature could be used for potentially
mischievious purposes is like saying that users shouldn't have
access to the C compiler because it can be used for potentially
mischievious purposes. In fact, the C compiler *is* regularly
used for mischievious purposes, like writing fork bombs and
compiling eggdrop. That's a worse problem than anything that
could happen from enabling directory listings over the web, I
think. But I don't hear anyone saying that we should take the
C compiler away from users.
So I'd like to see web directory listings enabled, and have
symlinks continue to be enabled as well.
|
other
|
|
response 21 of 38:
|
Jul 22 03:44 UTC 1999 |
in general, i agree with the above comments in #20.
however, i would like to point out what i think may be part of the thinking
behind the opposite position.
the community of people who actually *do* telnet or dial-in to grex is
extremely small compared to the number of people who use the web.
people on grex who do not bother to depermit world read access to their
directories and files have a measure of "security through obscurity" under
the current circumstances. someone would have to go to much greater effort
to collect and read files from unsuspecting grexers now than would be the case
with active directory listing *and* symlinks.
because of the relatively old technology of the grex interface, i think users
feel there is a kind of barrier between grex and the rest of the internet
which protects them and their data. this sense of protectedness may continue
with the changes proposed, but the actual level of protection would in
actuality be decreased.
to reiterate, the only real protection is obscurity, but full web access to
permitted personal directories on grex would diminish that obscurity.
that said, i still would prefer to see directory listings for www
subdirectories enabled, even if not necessarily the same for symlinks.
|
albaugh
|
|
response 22 of 38:
|
Jul 22 18:38 UTC 1999 |
I like symlinks, keep 'em. #21 said quite well why I think that directory
listings for missing index.html file should *not* be enabled.
|
lilmo
|
|
response 23 of 38:
|
Jul 23 16:09 UTC 1999 |
It is reasonably easy for anyone on grex to look at my files, but that is a
very small number of ppl, many of whom are somewhat privacy-obsessed
themselves. I would not want to make it similarly easy for gemeral Web ppl,
b/c that is a very LARGE no. of ppl, many of whom have no concept whatsoever
of Netiquette. I don't know what it means to have auto-dir or Symlink on,
but I don't want to open up general user files to the wider Web community any
more than they are now. If ppl with web pages want their www dir more open,
that's fine with me, but don't drag my dir down the same path.
I find my head spinning, and just want my position clear.
|
dang
|
|
response 24 of 38:
|
Jul 25 20:31 UTC 1999 |
I'd very much like to not allow access to the whole file system from our
web server. Suppose the passwd and shadow files were indexed? Can you
imagine the number of idiot would-be vandals who would love to get their
hands on our password file through the web? And, the web server doesn't
have the slow down hooks that the ftp server does, so it would be a
significant strain on our link. I don't care one way or the other about
either thing, but I'd like to see our password file not available via
the web. (I know, the shadow file is depermitted. It was an example.
The password file isn't)
|