From: Brent Kearney
To: freebsd-questions@freebsd.org
Subject: Re: User Quotas - and Multiple Groups
Date: Sun, 5 Dec 1999 14:17:41 +0300

Sorry to sound like a pedant, but you may get a better response if you
used separate posts for so many different questions...

On Sun, Dec 05, 1999 at 12:58:49AM -0500, Network Admin [JPeterson] wrote:
> a) Users should not be able to FTP in and CWD to other users' homedirs, the
> way I found to accomplish this and still allow web access was to put all
> users in the primary group 'user' and make each user's home dir chmod 0705
> and owned by [username]:user so that others in the group 'user' had no
> access but world (i.e. httpd) still could see the subdir of www which is
> 0755 and [username]:www -- Is this the best way to accomplish what I want or
> is there another way?

What is wrong with the default groups of username:username? Setting home
directories to 711 would disallow read access from other users, and allow
Apache access to ~/www. Is it just the CWD you're concerned about, or is
it the files inside? Without read or write access, the files are fairly
safe. I can't think of what risk there could be in changing into a
directory, if user can't "ls" it.

> c) Directory permissions:
> We have a web designing firm that authors sites for several companies who
> host here, currently in order to allow the firm to post pages via FTP I must
> chown -R the ~customer/www directory to the firm's username, this makes it
> impossible for the customer to make any changes.. is there any way to add
> the firm's username or a special group access to these directories?
>

This is pretty confusing. Are you saying that the web designing firm is a
customer of yours (i.e., has an account on your system), or are you
working with/for the web designing firm that owns the box?

I'll interpret it this way: one user (username "firm", say) needs access
to other users' ~/www directories. In this case, you could make ~/www
group-writable (2771, perhaps) and add firm to that user's group.

-Brent

____________________________________________
brent@kearneys.ca

"The follies of the last debauch should be buried in eternal
oblivion, in order to give full scope to the follies of the next."
  --David Hume
    Of Political Society
____________________________________________
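
Added example, not part of the original message: a small Python model of the classic Unix directory permission check, applied to the three modes discussed in the thread (0705 with a shared group 'user', 711 with per-user groups, and 2771 on ~/www with "firm" added to the owner's group). The account names alice, bob, firm and www are constructed for illustration, and root and ACLs are left out of the model.

```python
import stat

def dir_access(mode, owner, group, user, user_groups):
    """What `user` may do with a directory of the given mode and ownership.

    Classic Unix check: only the FIRST matching class is consulted
    (owner, else group, else other); the classes are never combined.
    Root and ACLs are outside this model.
    """
    if user == owner:
        bits = (mode >> 6) & 7
    elif group in user_groups:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return {
        "list": bool(bits & 4),       # r: read the entry names (ls)
        "enter": bool(bits & 1),      # x: cd in, reach a name already known
        "create": (bits & 3) == 3,    # w+x: add or remove entries
    }

def has_setgid(mode):
    """True when the leading 2 (setgid) is present, as in 2771."""
    return bool(mode & stat.S_ISGID)

# Constructed accounts (assumptions): alice and bob are customers,
# "firm" is the web designers' login, "www" is the account httpd runs as.
SHARED = {"alice": {"user"}, "bob": {"user"}, "www": {"www"}}
PRIVATE = {"alice": {"alice"}, "bob": {"bob"}, "www": {"www"},
           "firm": {"firm", "alice"}}   # firm added to alice's group

CASES = [
    ("~alice      0705 alice:user", 0o705, "alice", "user", SHARED),
    ("~alice      0711 alice:alice", 0o711, "alice", "alice", PRIVATE),
    ("~alice/www  2771 alice:alice", 0o2771, "alice", "alice", PRIVATE),
]

def report():
    """One (case, user, rights) row per account for each directory mode."""
    return [(label, user, dir_access(mode, owner, group, user, groups[user]))
            for label, mode, owner, group, groups in CASES
            for user in sorted(groups)]

if __name__ == "__main__":
    for label, user, rights in report():
        granted = [name for name, ok in rights.items() if ok]
        print(f"{label:30} {user:6} {' '.join(granted) or '-'}")
```

In the 0705 case bob gets nothing even though "other" has r-x, because his membership in group 'user' selects the group bits (0) and the check stops there; in the 711 case he can enter but not list.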