2009/2/17 Chris Rees <utis...@googlemail.com>:
> 2009/2/12 Uwe Laverenz <u...@laverenz.de>:
>> On Thu, Feb 12, 2009 at 09:39:18AM -0500, Keith Palmer wrote:
>>
>>> Thanks so much, this solution works really well! It doesn't lock users out
>>> of the entire system, but it does ensure that users can't view other
>>> user's files via SFTP/SSH, which is fantastic.
>>
>> This solution enforces the switch of all user directories to group "www",
>> which also means that any member of the group www gets access to these
>> directories. This would be even more dangerous if your webserver runs
>> with gid www and contains a php-module or something similar with a long
>> tradition of security problems. Sorry, but you really, really should not
>> do it this way.
>>
>> The sticky bit for group www on the public_html directories can be a good
>> idea, though.
>>
>> bye,
>> Uwe
>>
>> _______________________________________________
>> firstname.lastname@example.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
>>
>
> Do you really mean sticky? Or do you mean sgid? Sgid directories are
> unnecessary in BSD systems anyway. In the (one true UNIX) BSD Way, new
> files in a directory are always of the group of the directory.
>
> Sticky is something completely different
> http://www.gsp.com/cgi-bin/man.cgi?section=8&topic=sticky
>
> --
> R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. > (sendmail.cf)
>

Alright, let's go into a culture shock mode, and suggest a change in layout.

[ch...@amnesiac]~% ls -l /home/chris
total 1712
drwx----- 6 chris chris 512 Dec 8 15:40 home/
drwxr-xr-x- 1 chris chris 1743 Nov 22 14:35 public_html/

And stick the contents of the home directory in home/

Only trouble is if you don't want dotfiles (.cshrc etc) visible, but
you'll have to live with that. Or set the permissions 700.

Be careful with dotfiles, don't forget .* matches .. too :(

Chris

--
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. > (sendmail.cf)
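
The layout suggested in the last message, as an added example that is not part of the original thread: a shell function that creates the private home/ and public public_html/ directories, moves existing content into home/, and tightens dotfiles with a glob that cannot match "." or "..". The function name `split_home`, the choice to strip group/other access from dotfiles, and mode 711 on the top-level directory (search without listing, so the web server can still reach public_html) are assumptions.

```shell
#!/bin/sh
# Added example: apply the home/ + public_html/ layout to one user directory.
# Usage: split_home /path/to/userdir   (function name is hypothetical)
split_home() {
    top=$1
    [ -d "$top" ] || { echo "not a directory: $top" >&2; return 1; }

    # Private area: only the owner may enter or list it.
    mkdir -p "$top/home" || return 1
    chmod 700 "$top/home" || return 1

    # Web area stays world-readable so the web server can serve it.
    mkdir -p "$top/public_html" || return 1
    chmod 755 "$top/public_html" || return 1

    # Move every non-dot entry except the two layout directories.
    for entry in "$top"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # unmatched glob
        case ${entry##*/} in
            home|public_html) continue ;;
        esac
        mv -- "$entry" "$top/home/" || return 1
    done

    # Dotfiles stay at the top level; remove group/other access.
    # ".[!.]*" and "..?*" together match every dot entry except "." and "..",
    # so chmod never touches the parent directory the way a bare ".*" can.
    for entry in "$top"/.[!.]* "$top"/..?*; do
        [ -e "$entry" ] || continue
        chmod go-rwx "$entry" || return 1
    done

    # Assumption: others get search (x) but not read (r) on the top
    # directory, so public_html is reachable but dotfile names are not listed.
    chmod 711 "$top"
}
```
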