Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-17 Thread Uwe Laverenz
Chris Rees wrote: Do you really mean sticky? Or do you mean sgid? Sgid directories are I mean the setgid bit (octal 2000). You are right, "sticky" is something different. :) For some reason I don't remember anymore I got used to using the term "sticky" for this. mea culpa! Uwe

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-17 Thread Chris Rees
2009/2/17 Chris Rees : > 2009/2/12 Uwe Laverenz : >> On Thu, Feb 12, 2009 at 09:39:18AM -0500, Keith Palmer wrote: >> >>> Thanks so much, this solution works really well! It doesn't lock users out >>> of the entire system, but it does ensure that users can't view other >>> users' files via SFTP/SSH

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-17 Thread Chris Rees
2009/2/12 Uwe Laverenz : > On Thu, Feb 12, 2009 at 09:39:18AM -0500, Keith Palmer wrote: > >> Thanks so much, this solution works really well! It doesn't lock users out >> of the entire system, but it does ensure that users can't view other >> users' files via SFTP/SSH, which is fantastic. > > This

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Jonathan McKeown
On Thursday 12 February 2009 19:15:21 Paul Schmehl wrote: > If you set the world readable bit, you break the entire schema.  To make it > work, world must have no access - not even directory search access.  So you > set u=rwx,g=srx,o-rwx (or 2750), for homedirs and u=rw,g=sr,o-rwx (or 2640) > for f

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Paul Schmehl
--On Thursday, February 12, 2009 10:04:59 -0600 Keith Palmer wrote: Your other proposed solution results in the same situation, correct? No matter what, Apache needs read-access to any and all files, so no matter what PHP will have access to read any user's files. There's no way around that

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Keith Palmer
Ahhh... well, that's a considerably more verbose solution than your first solution. The groups are not the default FreeBSD groups, as I thought you were using. I will definitely check that out, thanks! I looked into restricted shells and such, but I couldn't find any documentation or information

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Uwe Laverenz
On Thu, Feb 12, 2009 at 11:04:59AM -0500, Keith Palmer wrote: > Your other proposed solution results in the same situation, correct? No No, it doesn't. Let's assume shannon is in the login group users, her home directory would look like this: drwx-x 2 shannon users 512 Feb 12 17:19

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Keith Palmer
Your other proposed solution results in the same situation, correct? No matter what, Apache needs read-access to any and all files, so no matter what PHP will have access to read any user's files. There's no way around that for a shared hosting situation that I know of... If you remove the groups

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Uwe Laverenz
On Thu, Feb 12, 2009 at 09:39:18AM -0500, Keith Palmer wrote: > Thanks so much, this solution works really well! It doesn't lock users out > of the entire system, but it does ensure that users can't view other > users' files via SFTP/SSH, which is fantastic. This solution enforces the switch of a

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Keith Palmer
Paul, Thanks so much, this solution works really well! It doesn't lock users out of the entire system, but it does ensure that users can't view other users' files via SFTP/SSH, which is fantastic. The actual syntax for setting the setgid bit on directories is: find /path/to/directory -type d -ex

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Uwe Laverenz
On Wed, Feb 11, 2009 at 11:22:17AM -0500, Keith Palmer wrote: > I realize I can fix this by setting the permissions on the "/home/shannon" > directory to 700. *However* then Apache (running as user "www") won't > display the documents in "/home/shannon/public_html" from > "http://ip-address/~shann

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-12 Thread Jonathan McKeown
On Thursday 12 February 2009 03:07:42 Paul Schmehl wrote: > > Sorry if I wasn't clear. > > I wasn't suggesting that the *users* chgrp the files. Keith would do that > as root. Then he sets the setgid bit to www (or whatever the web user is), > and from that point going forward any files created b

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Paul Schmehl
--On Wednesday, February 11, 2009 14:24:13 -0600 Roland Smith wrote: Why can't you chgroup and setgid the homedirs to www? (Or whatever account the web server is running under.) You really have two requirements: 1) Users can't see other users' files 2) The web server can read all users' web

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Da Rock
On Wed, 2009-02-11 at 11:22 -0500, Keith Palmer wrote: > OK, I'm sure this question has been asked a million times, but I haven't > been able to find a straight answer that actually solves the problem, so > here goes. > > We have a FreeBSD server with multiple users. I would rather each user > *not

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Roland Smith
On Wed, Feb 11, 2009 at 01:23:23PM -0600, Paul Schmehl wrote: > --On Wednesday, February 11, 2009 12:38:33 -0600 Keith Palmer > wrote: > > > ... really? Write a script to copy the user's files over on a schedule...? > > > > I can see where that might be an option for some people, but that's > > e

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread DAve
Keith Palmer wrote: OK, I'm sure this question has been asked a million times, but I haven't been able to find a straight answer that actually solves the problem, so here goes. We have a FreeBSD server with multiple users. I would rather each user *not* be able to view other users' files via an S

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread A. Wright
On Wed, 11 Feb 2009, Keith Palmer wrote: What if I symlinked each home user's public_html directory to a directory readable only by Apache? Would Apache be able to read the destination directory via the symlink, even if it doesn't have permission to access the destination directory? You can do

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Chuck Swiger
On Feb 11, 2009, at 8:22 AM, Keith Palmer wrote: We have a FreeBSD server with multiple users. I would rather each user *not* be able to view other users' files via an SSH or SFTP session. i.e. if I'm logged in as "keith" I should *not* get a list of files when I do "ls /home/shannon" I rea

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Chris Rees
2009/2/11 Paul Schmehl : > --On Wednesday, February 11, 2009 12:38:33 -0600 Keith Palmer > wrote: > >> >> >> ... really? Write a script to copy the user's files over on a schedule...? >> >> I can see where that might be an option for some people, but that's >> entirely not an option in this case.

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Paul Schmehl
--On Wednesday, February 11, 2009 12:38:33 -0600 Keith Palmer wrote: ... really? Write a script to copy the user's files over on a schedule...? I can see where that might be an option for some people, but that's entirely not an option in this case. I'd have to schedule it to run every 5 sec

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Mel
On Wednesday 11 February 2009 07:22:17 Keith Palmer wrote: > OK, I'm sure this question has been asked a million times, but I haven't > been able to find a straight answer that actually solves the problem, so > here goes. > > We have a FreeBSD server with multiple users. I would rather each user > *

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Roland Smith
On Wed, Feb 11, 2009 at 01:38:33PM -0500, Keith Palmer wrote: > > ... really? Write a script to copy the user's files over on a schedule...? > > I can see where that might be an option for some people, but that's > entirely not an option in this case. I'd have to schedule it to run every > 5 seco

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Keith Palmer
... really? Write a script to copy the user's files over on a schedule...? I can see where that might be an option for some people, but that's entirely not an option in this case. I'd have to schedule it to run every 5 seconds or something to keep users from getting upset. What if I symlinked e

Re: Restricting users to their own home directories / not letting users view other users files...?

2009-02-11 Thread Roland Smith
On Wed, Feb 11, 2009 at 11:22:17AM -0500, Keith Palmer wrote: > > OK, I'm sure this question has been asked a million times, but I haven't > been able to find a straight answer that actually solves the problem, so > here goes. > > We have a FreeBSD server with multiple users. I would rather each u