Originally Posted by
Ian-on-the-Trent
can you make the user directory private so no-one other than the user can see what's inside?
When you say "user directory" do you mean your user home folder (/home/user/ or whatever) or do you mean the contents of each torrentflux user?
Assuming you mean the torrentflux user folders, it's not easy to keep them hidden/private. If you have multiple users in torrentflux, they can all see what the others have downloaded.
It's possible to have two (or more) different installations of torrentflux on the same machine (just put them in different folders and create distinct databases for each). So you could have a public copy that most people use, and keep a separate copy running for private/sensitive things.
On the Linux side, the directory where the downloads get stored (/var/www/torrentflux/downloads/ or whatever) will typically be readable by everyone. However if you want to make it less visible, you can set it (and all sub-dirs) to be owned by "www-data" using the "chown" command (this is probably already the case), and then set the permissions to be restrictive as well using "chmod". Something like:
Code:
cd /var/www/torrentflux
sudo chown www-data:www-data downloads -R
sudo chmod 600 downloads -R
sudo chmod u+X downloads -R
Once this is done, only the user "www-data" (the webserver) will be able to read or write into that directory. So to check the contents or copy a file out, you will have to use admin power via "sudo" (obviously anyone with sudo-power will be able to find the files).
You'll also need to secure apache a bit to prevent someone from browsing those directories (since the apache webserver can browse them). There is a directive you can set in apache's config to suppress listing directory contents.
Yet another question: how hack-proof is
torrentflux?
Interesting question. Torrentflux is a 'small-target' so it's unlikely many people are trying to hack it. I'm not aware of any major vulnerability in it, but it's entirely possible someone could exploit a flaw in it (true of all net-facing apps). Since torrentflux is run by the webserver, most hacks would be isolated to whatever directories the webserver can read/write.
So, I don't think it's a major worry, but you should in general not put important/sensitive files into directories that the webserver can read.
Bookmarks