Date: Sun, 5 Dec 1999 14:17:41 +0300 From: Brent Kearney <brent@kearneys.ca> To: freebsd-questions@freebsd.org Subject: Re: User Quotas - and Multiple Groups Message-ID: <74E45CD96094D311B7F900608C71F775A987@gatekeeper.fns.ru>
next in thread | raw e-mail | index | archive | help
Sorry to sound like a pedant, but you may get a better response if you used separate posts for so many different questions... On Sun, Dec 05, 1999 at 12:58:49AM -0500, Network Admin [JPeterson] wrote: > a) Users should not be able to FTP in and CWD to other users homedirs, the > way I found to accomplish this and still allow web access was to put all > users in the primary group 'user' and make each users home dir chmod 0705 > and owned by [username]:user so that others in the group 'user' had no > access but world (i.e. httpd) still could see the subdir of www which is > 0755 and [username]:www -- Is this the best way to accomplish what I want or > is there another way? What is wrong with the default groups of username:username? Setting home directories to 711 would disallow read access from other users, and allow Apache access to ~/www. Is it just the CWD you're concerned about, or is it the files inside? Without read or write access, the files are fairly safe. I can't think of what risk there could be in changing into a directory, if user can't "ls" it. > c) Directory permissions: > We have a web designing firm that authors sites for several companies who > host here, currently in order to allow the firm to post pages via FTP I must > chown -R the ~customer/www directory to the firm's username, this makes it > impossible for the customer to make any changes.. is there any way to add > the firm's username or a special group access to these directories? > This is pretty confusing. Are you saying that the web designing firm is a customer of yours (i.e., has an account on your system), or are you working with/for the web designing firm that owns the box? I'll interpret it this way: one user (username "firm", say) needs access to other user's ~/www directories. In this case, you could make ~/www group-writable (2771, perhaps) and add firm to that user's group. -Brent ____________________________________________ brent@kearneys.ca "The follies of the last debauch should be buried in eternal oblivion, in order to give full scope to the follies of the next." --David Hume Of Political Society ____________________________________________ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?74E45CD96094D311B7F900608C71F775A987>