From owner-freebsd-questions Wed Aug 7 18:54:52 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B0E4837B400 for ; Wed, 7 Aug 2002 18:54:50 -0700 (PDT) Received: from mail.halplant.com (ip68-100-145-31.nv.nv.cox.net [68.100.145.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3724243E8A for ; Wed, 7 Aug 2002 18:54:50 -0700 (PDT) (envelope-from A.J.Caines@halplant.com) Received: by mail.halplant.com (Postfix, from userid 1001) id EB02C1DD; Wed, 7 Aug 2002 21:54:48 -0400 (EDT) Date: Wed, 7 Aug 2002 21:54:48 -0400 From: Andrew J Caines To: gabriel_ambuehl@buz.ch Cc: David Kelly , questions@FreeBSD.ORG Subject: Re: Forcing umask values (i.e. stopping users from making files world accessible)? Message-ID: <20020808015448.GI320@hal9000.halplant.com> Reply-To: Andrew J Caines Mail-Followup-To: gabriel_ambuehl@buz.ch, David Kelly , questions@FreeBSD.ORG References: <18221229687.20020807162338@buz.ch> <20020807190050.GD57320@grumpy.dyndns.org> <7521798265.20020807235137@buz.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7521798265.20020807235137@buz.ch> Organization: H.A.L. Plant X-PGP-Fingerprint: C59A 2F74 1139 9432 B457 0B61 DDF2 AA61 67C3 18A1 X-Powered-by: FreeBSD 4.6-STABLE X-URL: http://halplant.com:88/ Importance: Normal User-Agent: Mutt/1.5.1i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Gabriel, > I'm talking about webhosting consumers and the thing I had in mind was > to stop them from having their scripts with passwords from being world > readable... If you're doing shared web hosting on FreeBSD, then I'd hope you're making judicial use of jail(8) and that file permissions are therefore a non-issue. If not [then why not?], then it sounds like you're trying to solve a human problem with a technical solution, and that's not likely to succeed. The best you can do is tell the customers to DTRT and explain the consequences of not doing so, then it's their problem not yours. Set their umask in login.conf to help. -Andrew- -- _______________________________________________________________________ | -Andrew J. Caines- Unix Systems Engineer A.J.Caines@halplant.com | | "They that can give up essential liberty to obtain a little temporary | | safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message