Date: Fri, 8 Sep 2000 14:45:14 -0700
From: Alan Batie
To: Matt Heckaman
Cc: "Jonathan M. Slivko", freebsd-security@FreeBSD.ORG
Subject: Re: Home Directories -- in the point of security?
Message-ID: <20000908144513.I4603@agora.rdrop.com>

On Fri, Sep 08, 2000 at 05:29:42PM -0400, Matt Heckaman wrote:
> Mode 0711 for directories will do what you want, without allowing anyone
> else read access.

Until someone leaves their .profile or .cshrc file writeable accidentally
because they don't understand unix permissions or are tricked into it.
Or someone guesses a file name. Or many other scenarios.

The answer I chose is to put the web directory somewhere else (/home/web/),
reconfigure the web server and leave the user directories 700.

-- 
Alan Batie                   ______    www.rdrop.com/users/alan   Me
alan@batie.org               \    /    www.qrd.org         The Triangle
PGPFP DE 3C 29 17 C0 49 7A    \  /     www.pgpi.com   The Weird Numbers
27 40 A5 3C 37 4A DA 52 B9     \/      www.anti-spam.net      NO SPAM!
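
Added example, not part of the original message or of any FreeBSD tool: a shell audit for the two conditions discussed above, a home directory that is not mode 700 and a .profile or .cshrc that is writable by group or other. The function names, the sample users (alice, bob, carol) and the temporary tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit home directories for the conditions in the message.
# All paths and user names below are constructed; none come from a real host.

# audit_homes BASE
#   Prints "MODE <dir>" for each directory under BASE whose mode is not
#   exactly 700, and "WRITABLE <file>" for a .profile or .cshrc that is
#   writable by group or other.
audit_homes() {
    base=$1
    for home in "$base"/*; do
        [ -d "$home" ] || continue
        # -perm 700 with no leading "-" is an exact match on the mode bits.
        # -H checks the target when the path itself is a symlink.
        if [ -n "$(find -H "$home" -prune ! -perm 700 -print)" ]; then
            echo "MODE $home"
        fi
        for f in "$home/.profile" "$home/.cshrc"; do
            [ -f "$f" ] || continue
            # -perm -020 / -002: the group-write or other-write bit is set.
            if [ -n "$(find -H "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
                echo "WRITABLE $f"
            fi
        done
    done
}

# make_sample: build a constructed tree of three homes and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/alice" "$d/bob" "$d/carol"
    : > "$d/alice/.profile"; : > "$d/bob/.cshrc"; : > "$d/carol/.profile"
    chmod 644 "$d/alice/.profile"   # owner-writable only
    chmod 666 "$d/bob/.cshrc"       # world-writable startup file
    chmod 664 "$d/carol/.profile"   # group-writable startup file
    chmod 700 "$d/alice" "$d/carol"
    chmod 711 "$d/bob"              # the mode proposed in the quoted text
    echo "$d"
}

sample=$(make_sample)
audit_homes "$sample"
rm -rf "$sample"
```

On a real system this needs to run as root, because a mode-700 home cannot be searched by any other account.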