Roland Tapken wrote: > Hi, > > >>> so there is no need to protect /etc/passwd from reading, except if you >>> don't want to disclose the list of local users. >>> In that case, you must go with the chroot stuff, otherwise it would be >>> (at least) possible to list directories in /home >>> > > You can do this via the chgrp method, too. Just chown /home to root:webusers > and remove the group-read-flag (NOT the group-exec-flag, otherwise a user > won't be able to access his own home): > > $ chown root:webusers /home > $ chmod 715 /home > > Removing the read flag from a directory prevents the user to read the > directory contents, but if the executable flag is set he still can access a > file or subdirectory if he knows the name.
why fiddling with permissions and groups where you can isolate _everything_ wasting some disk space? AFAIK, chrooting is the way that big hosting providers uses. this also lets you limit the commands a user can execute, while root can still use every binary. _______________________________________________ suPHP mailing list [email protected] https://lists.marsching.com/mailman/listinfo/suphp
