so in my case(where I want to provide shell accounts), the permissions for
the HOME should be set to 600(so that no one other then the owner is able
to read/write/execute the files in his home) and the umask to 022 (which is
the default for RH). The rights for www or public_html should be 644 (to let
every one read the files).
Nauman
------Original Message------
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: July 24, 2000 5:40:19 AM GMT
Subject: Re: group,file permissions
On Sun, 23 Jul 2000, Nauman ul-Haque wrote:
> Hi,
> I want to give shell acounts to users on my machone. I am using RH 6.2.
> I am confused about two three little things, first of all when I add a
user
> using "adduser" script with RH, it adds a new user with a new group
> everytime, isnt it a little "unpracticle" ? as in how can one handle so
> many
> groups? shouldnt it be that a standard group for users is made and
every
> time a nsew user is added , he is added to that users group.
> Now I think we can give parameters to that "adduser" script and add all
the
> users to one group, or one can edit it to add the users to the same
group
> everytime, what problems me the most is that if i add the users to the
same
> group, what should be the default permissions given to them (or their
HOME)
> so that there might not be any security breach, should I set it to be
700
> ?thats the most secure I guess, but is this not workable in any
situation.
They just won't be able to see one another's files. The usual reason to
put users in the same group is so they can share _some_ resource[s], but
it doesn't have to be $HOME that they share.
> So I set this to be the default permissions of their home with the same
> group for every user added to whole the shell is to be given.
> Now the other thing is that when they create a new file, it may have
the
> permissions 744, so that means every user in that group can read any
other
> user's file in the same group, how do I change the default permissions
of
> the file when a file is created? so that every time a new file is made,
by
> default it has permissions like 700. Should I do it, or is there any
dark
> side to 700 for the default permissions?
You can set the default permissions for new files with umask.
typically this is done in a shell startup file such as /etc/profile, but
that may vary some by distro. man umask is pretty good, and short.
Maybe /etc/bashrc on RH? umask 22 (disallow write for all but owner) is
the usual default, but there is no reason it can't be 66 or 77.
> Thanks a lot
> Nauman
>
Lawson
| We apologize if this message has reached you in error.
| Save the Planet, Save the Trees! Advertise via E mail.
________________________________________________________________
YOU'RE PAYING TOO MUCH FOR THE INTERNET!
Juno now offers FREE Internet Access!
Try it today - there's no risk! For your FREE software, visit:
http://dl.www.juno.com/get/tagj.
-----------------------------------------------
FREE! The World's Best Email Address @email.com
Reserve your name now at http://www.email.com
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.linux-learn.org/faqs
