Message-ID: <5ceb5d550512191737u23abdac4ya84a6d0c90e4638d@mail.gmail.com>
Date: Tue, 20 Dec 2005 02:37:00 +0100
From: "Daniel A."
To: freebsd-questions@freebsd.org
Subject: Fine-tuning access

Lately, I've been having an itch to get something cleared up. I give out free SSH shell accounts to people I know and to people that I don't know so well, but ask for it.
The basic idea is that they get an account on a FreeBSD server that has lots of disk space, a decent CPU, but not such a great internet connection (sadly).

As the happy giver that I am, I also want to provide my users with web-hosting features. Mostly everyone knows that some user will at some point want to set up some kind of PHP+MySQL based web-service, like a bulletin board or a blog. When doing so, they need to enter their password and username to the MySQL server in a config file. For Apache running as the www user to read this, the file has to be quite insecurely chmodded.

I've thought of a possible solution for this: adding the www user to all my users' groups, thus enabling the www user to read all files chmodded with read permissions for group.

Are there any drawbacks of this solution? Is there a better solution that I'm not familiar with?

Thanks in advance.
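
The two permission layouts discussed in the message above (a config file any local account can read, versus one readable only through a group the web server belongs to), as an added example that is not part of the original post. The file name `config.php`, the `public_html` layout, the user names and the helper names are assumptions made for illustration, and the sample tree is constructed.

```python
import os
import stat

def classify(path, web_gids):
    """Classify how a server whose groups are web_gids can read path.

    Only the file's own mode bits are examined; search permission on the
    directories leading to the file is not checked.
    """
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IROTH:
        return "world-readable"          # every local account can read it
    if mode & stat.S_IRGRP and st.st_gid in web_gids:
        return "group-readable-by-web"   # readable through group membership only
    return "not-readable-by-web"

def audit(root, web_gids, names=("config.php",)):
    """Return {path: classification} for matching files under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name in names:
                full = os.path.join(dirpath, name)
                report[full] = classify(full, web_gids)
    return report

def build_sample_tree(root):
    """Constructed sample: three users' config files with different modes."""
    layout = {"alice": 0o644, "bob": 0o640, "carol": 0o600}
    for user, mode in layout.items():
        d = os.path.join(root, user, "public_html")
        os.makedirs(d)
        path = os.path.join(d, "config.php")
        with open(path, "w") as fh:
            fh.write("<?php $db_password = 'constructed-sample'; ?>\n")
        os.chmod(path, mode)
    return layout

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        gid = os.stat(tmp).st_gid  # stand-in for a user group www was added to
        for path, verdict in sorted(audit(tmp, {gid}).items()):
            print(verdict, os.path.relpath(path, tmp))
```

On a real host, `web_gids` would be the set of group IDs the web server account holds and `root` the directory containing the users' home directories.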