From owner-freebsd-questions@FreeBSD.ORG Wed May 11 19:44:12 2005
Message-ID: <42826084.3090003@mac.com>
Date: Wed, 11 May 2005 15:44:04 -0400
From: Chuck Swiger
Organization: The Courts of Chaos
To: Lewis Thompson
cc: freebsd-questions@freebsd.org
Subject: Re: user owned groups
References: <20050511165506.GC10213@asu.edu> <428242D7.6040103@mac.com> <20050511174702.GA23222@noisy.compsoc.man.ac.uk> <42824FFA.4080603@mac.com> <20050511185620.GA91019@noisy.compsoc.man.ac.uk> <428259DC.9050802@mac.com> <20050511193111.GA94356@noisy.compsoc.man.ac.uk>
In-Reply-To: <20050511193111.GA94356@noisy.compsoc.man.ac.uk>
List-Id: User questions <freebsd-questions@freebsd.org>

Lewis Thompson wrote:
> On Wed, May 11, 2005 at 03:15:40PM -0400, Chuck Swiger wrote:
>> If you "mkdir private && chmod 700 private", any files created under
>> private will be safely[1] hidden away from anyone else but you, regardless
>> of their permissions or what your umask is.
>
> Ah, okay. A slightly bad example. How about 0711 (now a home
> directory, say /home/lewiz). I would like to have a public_html
> directory that is generally accessible.

Um. Don't put stuff which you want to be private in a public_html directory.

> Since /home/lewiz is now executable is it not possible for somebody to
> do, say, cat /home/lewiz/.cshrc? They know the file is there (but can't
> use ls to see it) so can access it.

Sure, modulo the permissions on .cshrc itself. If you don't want them to, give that file 600 perms.

The Unix octal permissions bits work just fine for almost all reasonable cases, but no default is ever going to suit all possible variations of intent. If you want to control access to something, set the access you want explicitly, do not hope that the system defaults will guess what you want. (DWIM is a horrible idea in general, and is an even worse idea for security.)

Anyway, if you do want to do something more complex, look to UFS2 and POSIX ACL's.

-- 
-Chuck
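The permission walk the exchange above describes, as an added example that is not part of the original mail: an in-memory model of the /home/lewiz layout with constructed uid/gid numbers (no real files, no superuser, no ACLs). Reaching a file needs the search (x) bit on every parent directory plus r on the object itself, which is why 0711 on a home directory blocks ls but not cat of a known name, why 600 on .cshrc closes that, and why a 0700 directory hides its contents regardless of the file modes inside.

```python
from collections import namedtuple

# Constructed model of the layout discussed in the thread: path -> (mode, uid, gid).
# The uid/gid values are made up; "lewiz" owns the home directory and "other"
# is any other unprivileged user. Superuser bypass and ACLs are not modelled.
Entry = namedtuple("Entry", "mode uid gid")
LEWIZ, OTHER, WHEEL = 1001, 1002, 0

FS = {
    "/home":                              Entry(0o755, 0, WHEEL),
    "/home/lewiz":                        Entry(0o711, LEWIZ, LEWIZ),
    "/home/lewiz/.cshrc":                 Entry(0o644, LEWIZ, LEWIZ),
    "/home/lewiz/private":                Entry(0o700, LEWIZ, LEWIZ),
    "/home/lewiz/private/notes":          Entry(0o644, LEWIZ, LEWIZ),
    "/home/lewiz/public_html":            Entry(0o755, LEWIZ, LEWIZ),
    "/home/lewiz/public_html/index.html": Entry(0o644, LEWIZ, LEWIZ),
}

def applicable_bits(entry, uid, gids):
    """Pick the rwx triplet (owner, group or other) that applies to this user."""
    if uid == entry.uid:
        return (entry.mode >> 6) & 7
    if entry.gid in gids:
        return (entry.mode >> 3) & 7
    return entry.mode & 7

def parents(path):
    """Yield every directory that must be searched to reach path."""
    parts = path.strip("/").split("/")
    for i in range(1, len(parts)):
        yield "/" + "/".join(parts[:i])

def can_search_to(fs, path, uid, gids):
    """True if every directory on the way to path grants x (search) to uid."""
    return all(applicable_bits(fs[d], uid, gids) & 1 for d in parents(path))

def can_read(fs, path, uid, gids):
    """Open for reading: search on all parents plus r on the object itself."""
    return can_search_to(fs, path, uid, gids) and bool(
        applicable_bits(fs[path], uid, gids) & 4)

def can_list(fs, path, uid, gids):
    """ls needs r on the directory itself; a 0711 directory denies this while
    still letting a name that is already known be opened (see can_read)."""
    return can_read(fs, path, uid, gids)

def with_mode(fs, path, mode):
    """Return a copy of fs with path chmod'ed to mode (the explicit fix)."""
    new = dict(fs)
    new[path] = new[path]._replace(mode=mode)
    return new
```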