Date: Sun, 5 Dec 1999 03:19:34 -0800 From: Brent Kearney <brent@kearneys.ca> To: "Network Admin [JPeterson]" <jay@qtm.net> Cc: questions@freebsd.org Subject: Re: User Quotas - and Multiple Groups Message-ID: <19991205031934.A806@kearneys.ca> In-Reply-To: <PCEIIOODPEIJJFAGCCEFAEJNCBAA.jay@qtm.net>; from jay@qtm.net on Sun, Dec 05, 1999 at 12:58:49AM -0500 References: <74E45CD96094D311B7F900608C71F775A962@gatekeeper.fns.ru> <PCEIIOODPEIJJFAGCCEFAEJNCBAA.jay@qtm.net>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] Sorry to sound like a pedant, but you may get a better response if you used separate posts for so many different questions... On Sun, Dec 05, 1999 at 12:58:49AM -0500, Network Admin [JPeterson] wrote: > a) Users should not be able to FTP in and CWD to other users homedirs, the > way I found to accomplish this and still allow web access was to put all > users in the primary group 'user' and make each users home dir chmod 0705 > and owned by [username]:user so that others in the group 'user' had no > access but world (i.e. httpd) still could see the subdir of www which is > 0755 and [username]:www -- Is this the best way to accomplish what I want or > is there another way? What is wrong with the default groups of username:username? Setting home directories to 711 would disallow read access from other users, and allow Apache access to ~/www. Is it just the CWD you're concerned about, or is it the files inside? Without read or write access, the files are fairly safe. I can't think of what risk there could be in changing into a directory, if user can't "ls" it. > c) Directory permissions: > We have a web designing firm that authors sites for several companies who > host here, currently in order to allow the firm to post pages via FTP I must > chown -R the ~customer/www directory to the firm's username, this makes it > impossible for the customer to make any changes.. is there any way to add > the firm's username or a special group access to these directories? > This is pretty confusing. Are you saying that the web designing firm is a customer of yours (i.e., has an account on your system), or are you working with/for the web designing firm that owns the box? I'll interpret it this way: one user (username "firm", say) needs access to other user's ~/www directories. In this case, you could make ~/www group-writable (2771, perhaps) and add firm to that user's group. -Brent ____________________________________________ brent@kearneys.ca "The follies of the last debauch should be buried in eternal oblivion, in order to give full scope to the follies of the next." --David Hume Of Political Society ____________________________________________ [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use MessageID: XSAHs9DI3TscS90krE3//Cf/ZSjCtiln iQA/AwUBOEpKRf5LgQMksPsjEQKhYgCfRpCjDO/+ugRuFyCcjLj1k3PRpjkAoJMx /7oBxnPUYCEKbki7ZWsI2RYo =hKVu -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991205031934.A806>