From owner-freebsd-questions@FreeBSD.ORG  Fri Nov 14 21:00:15 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 98D1716A4CF
	for <freebsd-questions@freebsd.org>;
	Fri, 14 Nov 2003 21:00:15 -0800 (PST)
Received: from ns1.tiadon.com (SMTP.tiadon.com [69.27.132.161])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 80A7743F93
	for <freebsd-questions@freebsd.org>;
	Fri, 14 Nov 2003 21:00:14 -0800 (PST)	(envelope-from kdk@daleco.biz)
Received: from daleco.biz ([69.27.131.0]) by ns1.tiadon.com with Microsoft
	SMTPSVC(6.0.3790.0);	 Fri, 14 Nov 2003 23:03:02 -0600
Message-ID: <3FB5B2D8.6020503@daleco.biz>
Date: Fri, 14 Nov 2003 23:00:08 -0600
From: "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4) Gecko/20030920
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: How Can ThisBe <howcanthisbe300@hotmail.com>
References: <BAY7-F104XR5lK06Ye200009a15@hotmail.com>
In-Reply-To: <BAY7-F104XR5lK06Ye200009a15@hotmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 15 Nov 2003 05:03:02.0921 (UTC)
	FILETIME=[BF654F90:01C3AB35]
cc: freebsd-questions@freebsd.org
Subject: Re: File permission question
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Nov 2003 05:00:15 -0000

How Can ThisBe wrote:

> Hi, I've just noticed a small issue, which I'm sure others are aware of.
>
> For apache to server users webpages, apache need to be able to read files
> and directories. So we have something like the following (by default) on
> FreeBSD;
>
> tigger@piglet:~% ls -Al ./ public_html/index.php | grep pub
> -rw-r--r--  1 tigger  tigger  16 Mar 24  2002 public_html/index.php
> drwxr-xr-x  12 tigger  tigger       512 Aug 14 02:04 public_html/
>
> However, the following set-up is a little more secure (users can not read
> other users includes files for a start) and works fine;
>
> tigger@piglet:~% ls -Al ./ public_html/index.php | grep pub
> -rw-r-----  1 tigger  www     16 Mar 24  2002 public_html/index.php
> drwxr-x---  12 tigger  www          512 Aug 14 02:04 public_html/
>
> My question is, when I make a new file or directory in ~/public_html 
> (with
> chown tigger:www), the file is made with the following permission:
>
> -rw-r--r--  1 tigger  www      0 Nov 15 13:42 public_html/test1.php
>
> How can I make new files without the world readable flag set, within the
> public_html directory?
>

Change your umask.