On Wed, Feb 18, 2004 at 02:15:36AM +0100, Javier Fernández-Sanguino Peña wrote:
> You can try to settle it by using umask (as others have suggested) but 
> users can defeat that. If you _really_ want to fix it, have a cronjob do 
> this (quick and dirty, could be _really_ improved)
> ----------------------------------------------------------
> DIR_TO_FIX=/home/groupX
> GROUP=mygroup
> PERM=g+rwX
> find $DIR_TO_FIX -type f -o -type d | xargs chgrp $GROUP 
> # or chgrp -hR $GROUP $DIR_TO_FIX
> find $DIR_TO_FIX -type f -o -type d | xargs chmod $PERM
> # or chmod -hR $PERM $DIR_TO_FIX
> ----------------------------------------------------------

Waaaaaah, SCARY!

Users can create hard links to arbitrary files in that directory, e.g. 
links to other users' private files or to /etc/shadow, and automatically 
get read access to those files.

umask *is* the right solution (together with a sticky-bit dir). Set up a
default umask which allows global read access and *let* users defeat it! If
they know how to change their umask to something more restrictive, they're
bound to know what they're doing!



  __   _
  |_) /|  Richard Atterer     |  GnuPG key:
  | \/¯|  http://atterer.net  |  0x888354F7
  ¯ '` ¯
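
A check the quoted cron job lacks, shown as an added example that is not part of either message: before any recursive group or mode change, list regular files in the shared directory whose inode has more than one hard link, since changing them also changes the file at its other path. The function names and the demo directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a shared directory before a recursive chgrp/chmod.
# Function names and the demo layout are constructed for illustration.

# Print regular files under $1 that have more than one hard link.
# Such an inode also has a name somewhere else, so a group or mode
# change made here applies to every other path to the same file.
list_multilinked() {
    find "$1" -xdev -type f -links +1 -print
}

# Print "yes" if $1 holds no multiply linked files, otherwise "no".
audit_shared_dir() {
    if [ -n "$(list_multilinked "$1")" ]; then
        echo "no"
    else
        echo "yes"
    fi
}

# Constructed demo: a private file, a shared directory, and a hard link
# that gives the private inode a second name inside the shared directory.
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/shared" "$base/private"
    echo "secret" > "$base/private/notes"
    chmod 600 "$base/private/notes"
    echo "ok" > "$base/shared/report"
    before=$(audit_shared_dir "$base/shared")
    ln "$base/private/notes" "$base/shared/innocent"
    after=$(audit_shared_dir "$base/shared")
    found=$(list_multilinked "$base/shared")
    rm -rf "$base"
    # Audit result before the link, after the link, and the flagged name.
    echo "$before $after ${found##*/}"
}

demo
```

A maintenance job can skip or report the listed paths instead of passing them to chgrp or chmod.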
