Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-17 Thread Chris Rees
2009/2/12 Uwe Laverenz u...@laverenz.de: On Thu, Feb 12, 2009 at 09:39:18AM -0500, Keith Palmer wrote: Thanks so much, this solution works really well! It doesn't lock users out of the entire system, but it does ensure that users can't view other users' files via SFTP/SSH, which is fantastic.

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-17 Thread Chris Rees
2009/2/17 Chris Rees utis...@googlemail.com: 2009/2/12 Uwe Laverenz u...@laverenz.de: On Thu, Feb 12, 2009 at 09:39:18AM -0500, Keith Palmer wrote: Thanks so much, this solution works really well! It doesn't lock users out of the entire system, but it does ensure that users can't view other

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-17 Thread Uwe Laverenz
Chris Rees schrieb: Do you really mean sticky? Or do you mean sgid? Sgid directories are I mean the setgid bit (octal 2000). You are right, sticky is something different. :) For some reason I don't remember anymore I got used to using the term sticky for this. mea culpa! Uwe

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Jonathan McKeown
On Thursday 12 February 2009 03:07:42 Paul Schmehl wrote: Sorry if I wasn't clear. I wasn't suggesting that the *users* chgrp the files. Keith would do that as root. Then he sets the setgid bit to www (or whatever the web user is), and from that point going forward any files created by the

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Uwe Laverenz
On Wed, Feb 11, 2009 at 11:22:17AM -0500, Keith Palmer wrote: I realize I can fix this by setting the permissions on the /home/shannon directory to 700. *However* then Apache (running as user www) won't display the documents in /home/shannon/public_html from http://ip-address/~shannon/,

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Keith Palmer
Paul, Thanks so much, this solution works really well! It doesn't lock users out of the entire system, but it does ensure that users can't view other users' files via SFTP/SSH, which is fantastic. The actual syntax for setting the setgid bit on directories is: find /path/to/directory -type d

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Uwe Laverenz
On Thu, Feb 12, 2009 at 09:39:18AM -0500, Keith Palmer wrote: Thanks so much, this solution works really well! It doesn't lock users out of the entire system, but it does ensure that users can't view other users' files via SFTP/SSH, which is fantastic. This solution enforces the switch of all

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Keith Palmer
Your other proposed solution results in the same situation, correct? No matter what, Apache needs read-access to any and all files, so no matter what PHP will have access to read any user's files. There's no way around that for a shared hosting situation that I know of... If you remove the

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Uwe Laverenz
On Thu, Feb 12, 2009 at 11:04:59AM -0500, Keith Palmer wrote: Your other proposed solution results in the same situation, correct? No No, it doesn't. Let's assume shannon is in the login group users, her home directory would look like this: drwx-x 2 shannon users 512 Feb 12 17:19

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Keith Palmer
Ahhh... well, that's a considerably more verbose solution than your first solution. The groups are not the default FreeBSD groups, as I thought you were using. I will definitely check that out, thanks! I looked into restricted shells and such, but I couldn't find any documentation or

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Paul Schmehl
--On Thursday, February 12, 2009 10:04:59 -0600 Keith Palmer ke...@academickeys.com wrote: Your other proposed solution results in the same situation, correct? No matter what, Apache needs read-access to any and all files, so no matter what PHP will have access to read any user's files.

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Jonathan McKeown
On Thursday 12 February 2009 19:15:21 Paul Schmehl wrote: If you set the world readable bit, you break the entire schema.  To make it work, world must have no access - not even directory search access.  So you set u=rwx,g=srx,o-rwx (or 2750), for homedirs and u=rw,g=sr,o-rwx (or 2640) for
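
The chgrp + setgid layout quoted above (2750 on home directories, group read on files, no access for "other"), as an added example that is not code from any of the posters: it applies the layout to one home directory and then verifies it with find. It assumes you run it as root on real home directories and pass the web server's group (the thread uses "www") as the second argument; the sample tree it builds for the demo is constructed, not taken from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread: apply the chgrp + setgid layout
# discussed above to one home directory and verify it afterwards.
# Assumptions: run as root on real home directories; the web server's group
# (the thread uses "www") is passed in as the second argument.
set -eu

# lock_home HOMEDIR WEBGROUP
#   directories -> group WEBGROUP, mode 2750: owner rwx, group r-x plus setgid,
#                  others nothing, so other users cannot even search the tree.
#   files       -> group WEBGROUP, mode 640: owner rw, group r, others nothing.
#                  (The thread's 2640 also sets setgid on files; that bit only
#                  matters on execution, so 640 is used here for reading.)
#   setgid on the directories makes files created later inherit WEBGROUP.
lock_home() {
    home=$1
    grp=$2
    chgrp -R "$grp" "$home"
    find "$home" -type d -exec chmod 2750 {} +
    find "$home" -type f -exec chmod 640 {} +
}

# check_home HOMEDIR WEBGROUP
#   prints every path that breaks the layout; returns 0 only when none do.
check_home() {
    home=$1
    grp=$2
    bad=$(find "$home" \( -type d ! -perm 2750 \) -o \( -type f ! -perm 640 \) -o ! -group "$grp")
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# make_demo_home DIR
#   constructed sample tree standing in for /home/shannon, starting from the
#   world-readable state the thread complains about (755 dirs, 644 files).
make_demo_home() {
    home=$1
    mkdir -p "$home/public_html/img" "$home/private"
    printf 'hello\n' > "$home/public_html/index.html"
    printf 'secret\n' > "$home/private/notes.txt"
    chmod 755 "$home" "$home/public_html" "$home/public_html/img" "$home/private"
    chmod 644 "$home/public_html/index.html" "$home/private/notes.txt"
}

# Demonstration when run as "sh this.sh demo": uses the caller's own group so
# it works unprivileged in a scratch directory; use "www" on the real server.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    grp=$(id -gn)
    make_demo_home "$tmp/shannon"
    if check_home "$tmp/shannon" "$grp" >/dev/null; then
        echo "unexpected: tree already locked down"
    fi
    lock_home "$tmp/shannon" "$grp"
    check_home "$tmp/shannon" "$grp" && echo "locked down: $tmp/shannon"
    # with setgid in place, a file created later inherits the directory group
    : > "$tmp/shannon/public_html/new.txt"
    ls -ld "$tmp/shannon/public_html/new.txt"
    rm -rf "$tmp"
fi
```

On the server itself this is `lock_home /home/shannon www` as root, followed by `check_home /home/shannon www` to confirm nothing was missed; the find and chmod flags used here are accepted by both FreeBSD and GNU userland. Two caveats worth keeping in mind: the setgid bit only fixes the group of files users create later, not their permission bits, so a user with umask 077 will still produce 600 files that Apache cannot read (a umask of 022 or 027 is fine, because "other" cannot traverse the home directory anyway); and, as Keith notes elsewhere in the thread, anything running as the web server user, PHP included, can still read every user's files, because that is exactly what the group access grants.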

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Roland Smith
On Wed, Feb 11, 2009 at 11:22:17AM -0500, Keith Palmer wrote: OK, I'm sure this question has been asked a million times, but I haven't been able to find a straight answer that actually solves the problem, so here goes. We have a FreeBSD server with multiple users. I would rather each user

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Keith Palmer
... really? Write a script to copy the user's files over on a schedule...? I can see where that might be an option for some people, but that's entirely not an option in this case. I'd have to schedule it to run every 5 seconds or something to keep users from getting upset. What if I symlinked

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Roland Smith
On Wed, Feb 11, 2009 at 01:38:33PM -0500, Keith Palmer wrote: ... really? Write a script to copy the user's files over on a schedule...? I can see where that might be an option for some people, but that's entirely not an option in this case. I'd have to schedule it to run every 5 seconds

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Mel
On Wednesday 11 February 2009 07:22:17 Keith Palmer wrote: OK, I'm sure this question has been asked a million times, but I haven't been able to find a straight answer that actually solves the problem, so here goes. We have a FreeBSD server with multiple users. I would rather each user *not*

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Paul Schmehl
--On Wednesday, February 11, 2009 12:38:33 -0600 Keith Palmer ke...@academickeys.com wrote: ... really? Write a script to copy the user's files over on a schedule...? I can see where that might be an option for some people, but that's entirely not an option in this case. I'd have to

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Chris Rees
2009/2/11 Paul Schmehl pschmehl_li...@tx.rr.com: --On Wednesday, February 11, 2009 12:38:33 -0600 Keith Palmer ke...@academickeys.com wrote: ... really? Write a script to copy the user's files over on a schedule...? I can see where that might be an option for some people, but that's

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Chuck Swiger
On Feb 11, 2009, at 8:22 AM, Keith Palmer wrote: We have a FreeBSD server with multiple users. I would rather each user *not* be able to view other users' files via an SSH or SFTP session. i.e. if I'm logged in as keith I should *not* get a list of files when I do ls /home/shannon I

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread A. Wright
On Wed, 11 Feb 2009, Keith Palmer wrote: What if I symlinked each home user's public_html directory to a directory readable only by Apache? Would Apache be able to read the destination directory via the symlink, even if it doesn't have permission to access the destination directory? You can

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread DAve
Keith Palmer wrote: OK, I'm sure this question has been asked a million times, but I haven't been able to find a straight answer that actually solves the problem, so here goes. We have a FreeBSD server with multiple users. I would rather each user *not* be able to view other users' files via an

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Roland Smith
On Wed, Feb 11, 2009 at 01:23:23PM -0600, Paul Schmehl wrote: --On Wednesday, February 11, 2009 12:38:33 -0600 Keith Palmer ke...@academickeys.com wrote: ... really? Write a script to copy the user's files over on a schedule...? I can see where that might be an option for some people,

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Da Rock
On Wed, 2009-02-11 at 11:22 -0500, Keith Palmer wrote: OK, I'm sure this question has been asked a million times, but I haven't been able to find a straight answer that actually solves the problem, so here goes. We have a FreeBSD server with multiple users. I would rather each user *not* be

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Paul Schmehl
--On Wednesday, February 11, 2009 14:24:13 -0600 Roland Smith rsm...@xs4all.nl wrote: Why can't you chgroup and setgid the homedirs to www? (Or whatever account the web server is running under.) You really have two requirements: 1) Users can't see other users' files 2) The web server can
