From: Chris Rees
Reply-To: utisoft@gmail.com
To: freebsd-questions@freebsd.org, keith@academickeys.com, uwe@laverenz.de
Date: Tue, 17 Feb 2009 10:21:09 +0000
Subject: Re: Restricting users to their own home directories / not letting users view other users files...?
In-Reply-To: <20090212154540.GC3324@laverenz.de>

2009/2/12 Uwe Laverenz:
> On Thu, Feb 12, 2009 at 09:39:18AM -0500, Keith Palmer wrote:
>
>> Thanks so much, this solution works really well! It doesn't lock users out
>> of the entire system, but it does ensure that users can't view other
>> user's files via SFTP/SSH, which is fantastic.
>
> This solution enforces the switch of all user directories to group "www",
> which also means that any member of the group www gets access to these
> directories. This would be even more dangerous if your webserver runs
> with gid www and contains a php-module or something similar with a long
> tradition of security problems. Sorry, but you really, really should not
> do it this way.
>
> The sticky bit for group www on the public_html directories can be a good
> idea, though.
>
> bye,
> Uwe
>

Do you really mean sticky? Or do you mean sgid?

Sgid directories are unnecessary in BSD systems anyway. In the (one
true UNIX) BSD Way, new files in a directory are always of the group
of the directory.

Sticky is something completely different

http://www.gsp.com/cgi-bin/man.cgi?section=8&topic=sticky

--
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. > (sendmail.cf)
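
The distinction drawn in this thread, as an added example that is not part of the original messages: a POSIX sh script that names the sticky and set-group-ID bits on a directory, lists the directories a given group can enter (the exposure Uwe describes for group www), and checks whether a new file takes its directory's group. The function names, the scratch file name and the `/home` path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Usage (assumed layout): sh audit.sh /home www

# gid_of PATH: numeric group id of PATH (ls -n works on BSD and GNU).
gid_of() { ls -ldn "$1" | awk '{print $4}'; }

# special_bits DIR: name the special mode bits set on DIR.
# -k tests the sticky bit (01000); -g tests set-group-ID (02000).
special_bits() {
    out=""
    if [ -k "$1" ]; then out="sticky"; fi
    if [ -g "$1" ]; then out="${out:+$out }setgid"; fi
    echo "${out:-none}"
}

# group_reachable BASE GROUP: directories directly under BASE that belong to
# GROUP (name or numeric gid) and grant it search (x) permission, so every
# member of GROUP, a web server running with that gid included, can enter.
group_reachable() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -group "$2" -perm -0010 -print | sort
}

# new_file_group DIR: create a scratch file in DIR and report whether it took
# the directory's group ("dir-group") or another one ("other").
# BSD: always dir-group. Linux with default mount options: dir-group only if
# DIR is setgid or its group is already the caller's effective group.
new_file_group() {
    f="$1/.grouptest.$$"
    : > "$f" || return 1
    if [ "$(gid_of "$f")" = "$(gid_of "$1")" ]; then r="dir-group"; else r="other"; fi
    rm -f "$f"
    echo "$r"
}

# Report each group-reachable directory with its special bits.
if [ "$#" -eq 2 ]; then
    group_reachable "$1" "$2" | while IFS= read -r d; do
        printf '%s\t%s\n' "$d" "$(special_bits "$d")"
    done
fi
```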