From owner-freebsd-isp Tue Nov 12 0:57: 1 2002
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 497E437B401
	for ; Tue, 12 Nov 2002 00:57:00 -0800 (PST)
Received: from tin.blazingdot.com (tin.blazingdot.com [207.154.84.81])
	by mx1.FreeBSD.org (Postfix) with SMTP id D3BB943E75
	for ; Tue, 12 Nov 2002 00:56:59 -0800 (PST)
	(envelope-from marcus@blazingdot.com)
Received: (qmail 51601 invoked by uid 1001); 12 Nov 2002 08:56:54 -0000
Date: Tue, 12 Nov 2002 00:56:54 -0800
From: Marcus Reid
To: Jez Hancock
Cc: FreeBSD ISP List
Subject: Re: per-user groups
Message-ID: <20021112085654.GA55722@blazingdot.com>
References: <20021105130922.A36056@cthulu.compt.com> <20021110214410.GA98103@users.munk.nu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20021110214410.GA98103@users.munk.nu>
User-Agent: Mutt/1.3.27i
Coffee-Level: high
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Hi:

On Sun, Nov 10, 2002 at 09:44:10PM +0000, Jez Hancock wrote:
..snip..
> The solution to this then is to simply add the user
> 'www' to both the groups 'munk' and 'joe' in /etc/group:
>
> munk:*:1023:www
> munk:*:1024:www
>
> so that the www user, as a member of both the joe and munk groups,
> can easily access the files in /home/munk/web and /home/joe/web as it
> should be able to.
..snip..

Sounds kind of wild to me..  For one thing, if you allow your users to
use CGIs, they can run anything as the www user and be in the group of
all of your other users.

Another way to do almost the same thing is to have the users' home
directory perms set to rwxr-x--x.  Apache can get to the user's
public_html directory, and no one can get a directory listing of
another person's home directory.
Users still have to make sure that files they don't want to be world
readable aren't world readable, but it's a solution that suits my tastes
a little better.

Marcus
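
Added example, not part of the original message or the list archive: a small POSIX shell audit of the layout described above, reporting home directories whose "other" permissions differ from --x and world-readable files outside public_html. The function names and the base directory argument are assumptions for illustration.

```sh
#!/bin/sh
# Audit per-user home directories for the rwxr-x--x layout.
# Mode is read from `ls -ld` so the script behaves the same on FreeBSD
# and Linux (their stat(1) flags differ).

# other_bits DIR: print the three "other" permission characters, e.g. --x
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# check_home DIR: print one finding line for a home directory.
#   OK        other is --x: the web server can traverse, nobody can list
#   WRITABLE  other has w:  anyone can create or remove entries
#   LISTABLE  other has r:  other users can list the directory
#   BLOCKED   other lacks x: the web server cannot reach public_html
check_home() {
    bits=$(other_bits "$1")
    case "$bits" in
        ?w?)     echo "WRITABLE $1 ($bits)" ;;
        r??)     echo "LISTABLE $1 ($bits)" ;;
        --x|--t) echo "OK $1 ($bits)" ;;
        *)       echo "BLOCKED $1 ($bits)" ;;
    esac
}

# world_readable DIR: list regular files under DIR that "other" can read,
# skipping DIR/public_html, whose contents are meant to be served.
# Pass DIR without a trailing slash so the -path match works.
world_readable() {
    find "$1" -path "$1/public_html" -prune -o -type f -perm -004 -print
}

# audit_homes BASE: run both checks for every directory under BASE.
audit_homes() {
    for home in "$1"/*; do
        [ -d "$home" ] || continue
        check_home "$home"
        world_readable "$home" 2>/dev/null | sed 's/^/  world-readable: /'
    done
}

# Run only when a base directory is given, e.g.: sh audit.sh /home
if [ $# -gt 0 ]; then
    audit_homes "$1"
fi
```

With --x on the home directory, a world-readable file is still reachable by anyone who knows or guesses its name, which is why the second check matters.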