On Tue, 2004-10-19 at 18:41, Steve Holdoway wrote:
> There's nothing particularly tricky with the special stuff, you just
> need a deeper understanding of security, which is *always* a good idea
> on a multi-user operating system.
I agree that learning how security works on a multi-user system is
important. However, it will take far more than a short email to unravel
the mysteries of sgid bits [1], and I suspect that most members of the
LUG have machines with a grand total of two or three "normal" users :)
As an aside, the Solaris man-page for chmod has 1521 words by my count,
while the Linux man page for chmod only has 752. Not good or bad
(ducking from the Wrath of Glynn), just different ;)
> I would like to reiterate that the alternate method of changing file
> modes is *much* safer! eg using find . | xargs chmod 666 to make all
> files world writeable will take a lot of clearing up afterwards. And
> yes, I know from bitter experience!
chmod -R +rX ~/public_html/
:)
[1] I do not want to explain sgid, or suid, as understanding why they
are necessary requires a good understanding of the Posix security
model. People are having trouble figuring out read-permissions, so
it would be best to avoid sgid and suid for a while. With any luck
we will get SE-Linux to sort a lot of the mess out for usâ
--
Michael JasonSmith http://www.ldots.org/
