From owner-freebsd-questions@FreeBSD.ORG  Fri Feb 13 07:08:28 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 91756106564A
	for <freebsd-questions@freebsd.org>;
	Fri, 13 Feb 2009 07:08:28 +0000 (UTC)
	(envelope-from jonathan+freebsd-questions@hst.org.za)
Received: from hermes.hst.org.za (onix.hst.org.za [209.203.2.133])
	by mx1.freebsd.org (Postfix) with ESMTP id 8670D8FC14
	for <freebsd-questions@freebsd.org>;
	Fri, 13 Feb 2009 07:08:26 +0000 (UTC)
	(envelope-from jonathan+freebsd-questions@hst.org.za)
Received: from sysadmin.hst.org.za (sysadmin.int.dbn.hst.org.za [10.1.1.20])
	(authenticated bits=0)
	by hermes.hst.org.za (8.13.8/8.13.8) with ESMTP id n1D6qGfI003163
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <freebsd-questions@freebsd.org>;
	Fri, 13 Feb 2009 08:52:17 +0200 (SAST)
	(envelope-from jonathan+freebsd-questions@hst.org.za)
From: Jonathan McKeown <jonathan+freebsd-questions@hst.org.za>
Organization: Health Systems Trust
To: freebsd-questions@freebsd.org
Date: Fri, 13 Feb 2009 09:08:24 +0200
User-Agent: KMail/1.9.7
References: <53134.12.68.55.226.1234369337.squirrel@www.academickeys.com>
	<52934.12.68.55.226.1234454699.squirrel@www.academickeys.com>
	<BE0B52A92B1794E7697D8DA3@utd65257.utdallas.edu>
In-Reply-To: <BE0B52A92B1794E7697D8DA3@utd65257.utdallas.edu>
X-Face: $@VrUx^RHy/}yu]jKf/<4T%/d|F+$j-Ol2"2J$q+%OK1]&/G_S9(=?utf-8?q?HkaQ*=60!=3FYOK=3FY!=27M=60C=0A=09aP=5C9nVPF8Q=7DCilHH8l=3B=7E!4?=
	=?utf-8?q?2HK6=273lg4J=7Daz?=@1Dqqh:J]M^"YPn*2IWrZON$1+G?oX3@
	=?utf-8?q?k=230=0A=0954XDRg=3DYn=5FF-etwot4U=24b?=<FO&kjQCGnjz>dTS{i<i?:=p!]'t#K~4)cr7o%ygQiso
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Message-Id: <200902130908.24871.jonathan+freebsd-questions@hst.org.za>
X-Spam-Score: -4.228 () ALL_TRUSTED,AWL,BAYES_00
X-Scanned-By: MIMEDefang 2.61 on 209.203.2.133
Subject: Re: Restricting users to their own home directories / not letting
	users view other users files...?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Feb 2009 07:08:28 -0000

On Thursday 12 February 2009 19:15:21 Paul Schmehl wrote:
> If you set the world readable bit, you break the entire schema.  To make it
> work, world must have no access - not even directory search access.  So you
> set u=rwx,g=srx,o-rwx (or 2750), for homedirs and u=rw,g=sr,o-rwx (or 2640)
> for files.  To maintain the schema you would also need to change the users'
> umask to 027 or (script a perm change periodically to remove the world bits
> from new files.)
>
> If you want to get more granular, you can set the homedirs and all subdirs
> to owner:owner and only set the public_html dir and its subdirs to
> owner:www.  The key is to remove the world access from the homedirs and
> everything under them, set the group to www, setgid and change the umask.

setgid on the directory is a SysV-ism to switch on BSD behaviour. FreeBSD 
always sets group ownership of files to the group of the directory they're 
created in, so all you need to do is change the ownership of the directory 
and the umask.

Jonathan