Date: Wed, 7 Aug 2002 14:00:50 -0500
From: David Kelly
To: Gabriel Ambuehl
Cc: questions@FreeBSD.ORG
Subject: Re: Forcing umask values (i.e. stopping users from making files world accessible)?

On Wed, Aug 07, 2002 at 04:23:38PM +0200, Gabriel Ambuehl wrote:
> Hello,
> I'm wondering whether there is any way to truly stop users (they have
> (s)FTP access, CGI, PHP) from making their scripts world accessible.
> I know that I could set umask 027 so that all new files are 750 by
> default but as far as I understand the umask concept, they still can
> call chmod and make the files world accessible again, right? So I'm
> looking for a bullet proof solution that really stops users from
> making their data world accessible.

I suspect you are trying to go too far. If a user wants to share
something with another user then by golly they will email it or find
some way to share it. After all apparently they already have ftp and
http services at their disposal.

But I will agree that not-shared-by-default is good. And the right place
to set umask in FreeBSD is in /etc/login.conf.

-- 
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its capacity
-- the rest is overhead for the operating system.
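
An added example, not part of the original thread: a shell script showing what a 027 umask gives new files and directories, that the owner's chmod still overrides it, and a find-based audit that reports whatever ends up accessible to "other". The function names and temporary paths are constructed for illustration, and the umask is set with the shell builtin rather than through /etc/login.conf.

```sh
#!/bin/sh
# Added example: umask is a creation-time default, not an enforcement
# mechanism. All paths are temporary and constructed for the demonstration.

# Permission string of one entry, e.g. "-rw-r-----" (portable ls parsing).
perms() {
    ls -ld "$1" | cut -c1-10
}

# List entries under $1 that grant read, write or execute to "other".
# Symlinks are skipped because their own mode bits are not meaningful.
audit_world_access() {
    find "$1" ! -type l \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Create a file and a directory under umask 027 and report both modes.
# Regular files start from 0666 and directories from 0777 before masking.
demo_umask() {
    dir=$(mktemp -d) || return 1
    (
        umask 027
        : > "$dir/page.php"
        mkdir "$dir/private"
    )
    printf '%s %s\n' "$(perms "$dir/page.php")" "$(perms "$dir/private")"
    rm -rf "$dir"
}

# Same umask, but the owner then runs chmod on one file; the audit is
# what reports it afterwards.
demo_chmod_override() {
    dir=$(mktemp -d) || return 1
    (
        umask 027
        : > "$dir/kept.txt"
        : > "$dir/shared.txt"
    )
    chmod o+r "$dir/shared.txt"
    ( cd "$dir" && audit_world_access . )
    rm -rf "$dir"
}

demo_umask
demo_chmod_override
```

Run periodically against the users' home or web directories, audit_world_access reports files whose owners have changed them away from the default.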