Date: Fri, 8 Sep 2000 14:45:14 -0700 From: Alan Batie <alan@batie.org> To: Matt Heckaman <matt@ARPA.MAIL.NET> Cc: "Jonathan M. Slivko" <jslivko@coresync.net>, freebsd-security@FreeBSD.ORG Subject: Re: Home Directories -- in the point of security? Message-ID: <20000908144513.I4603@agora.rdrop.com> In-Reply-To: <Pine.BSF.4.21.0009081728210.36047-100000@epsilon.lucida.qc.ca>; from matt@ARPA.MAIL.NET on Fri, Sep 08, 2000 at 05:29:42PM -0400 References: <Pine.BSO.4.21.0009081411320.9159-100000@rocket.coresync.net> <Pine.BSF.4.21.0009081728210.36047-100000@epsilon.lucida.qc.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Sep 08, 2000 at 05:29:42PM -0400, Matt Heckaman wrote: > Mode 0711 for directories will do what you want, without allowing anyone > else read access. Until someone leaves their .profile or .cshrc file writeable accidentally because they don't understand unix permissions or are tricked into it. Or someone guesses a file name. Or many other scenarios. The answer I chose is to put the web directory somewhere else (/home/web/<user>), reconfigure the web server and leave the user directories 700. -- Alan Batie ______ www.rdrop.com/users/alan Me alan@batie.org \ / www.qrd.org The Triangle PGPFP DE 3C 29 17 C0 49 7A \ / www.pgpi.com The Weird Numbers 27 40 A5 3C 37 4A DA 52 B9 \/ www.anti-spam.net NO SPAM! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000908144513.I4603>