From owner-freebsd-security  Fri Sep  8 14:47:22 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rocket.coresync.net (ns1.coresync.net [64.71.131.2])
	by hub.freebsd.org (Postfix) with SMTP id 0ABC937B446
	for <freebsd-security@FreeBSD.ORG>; Fri,  8 Sep 2000 14:47:18 -0700 (PDT)
Received: (qmail 25233 invoked by uid 1117); 8 Sep 2000 21:38:20 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 8 Sep 2000 21:38:20 -0000
Date: Fri, 8 Sep 2000 14:38:08 -0700 (PDT)
From: "Jonathan M. Slivko" <jslivko@coresync.net>
To: Alan Batie <alan@batie.org>
Cc: Matt Heckaman <matt@ARPA.MAIL.NET>, freebsd-security@FreeBSD.ORG
Subject: Re: Home Directories -- in the point of security?
In-Reply-To: <20000908144513.I4603@agora.rdrop.com>
Message-ID: <Pine.BSO.4.21.0009081437380.3095-100000@rocket.coresync.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Actually, that sounds like an even better idea than what was suggested
before. Thanks Alan!

- ----
Jonathan M. Slivko <jslivko@coresync.net>
Technical Support: CoreSync Corparation
NSI ID: JSR730

Want a reliable shells? check us out at
http://www.coresync.net!
- ----

On Fri, 8 Sep 2000, Alan Batie wrote:

> On Fri, Sep 08, 2000 at 05:29:42PM -0400, Matt Heckaman wrote:
> > Mode 0711 for directories will do what you want, without allowing anyone  
> > else read access.
> 
> Until someone leaves their .profile or .cshrc file writeable accidentally
> because they don't understand unix permissions or are tricked into it.
> Or someone guesses a file name.  Or many other scenarios.  The answer
> I chose is to put the web directory somewhere else (/home/web/<user>),
> reconfigure the web server and leave the user directories 700.
> 
> -- 
> Alan Batie                   ______    www.rdrop.com/users/alan      Me
> alan@batie.org               \    /    www.qrd.org         The Triangle
> PGPFP DE 3C 29 17 C0 49 7A    \  /     www.pgpi.com   The Weird Numbers
> 27 40 A5 3C 37 4A DA 52 B9     \/      www.anti-spam.net       NO SPAM!
> 

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Comment: Made with pgp4pine 1.75
Charset: noconv

iQA/AwUBOblcSsELej+B3y/WEQIR9QCfSJfi476IEm9o43CEcP7VrAwNNbQAoNTH
7dKzCVkjhNKavpksD9BGuvti
=YgTQ
-----END PGP SIGNATURE-----




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message