Date:      Sun, 5 Dec 1999 03:19:34 -0800
From:      Brent Kearney <brent@kearneys.ca>
To:        "Network Admin [JPeterson]" <jay@qtm.net>
Cc:        questions@freebsd.org
Subject:   Re: User Quotas - and Multiple Groups
Message-ID:  <19991205031934.A806@kearneys.ca>
In-Reply-To: <PCEIIOODPEIJJFAGCCEFAEJNCBAA.jay@qtm.net>; from jay@qtm.net on Sun, Dec 05, 1999 at 12:58:49AM -0500
References:  <74E45CD96094D311B7F900608C71F775A962@gatekeeper.fns.ru> <PCEIIOODPEIJJFAGCCEFAEJNCBAA.jay@qtm.net>





Sorry to sound like a pedant, but you may get a better response if
you used separate posts for so many different questions...

On Sun, Dec 05, 1999 at 12:58:49AM -0500, Network Admin [JPeterson] wrote:

> a) Users should not be able to FTP in and CWD to other users homedirs, the
> way I found to accomplish this and still allow web access was to put all
> users in the primary group 'user' and make each users home dir chmod 0705
> and owned by [username]:user so that others in the group 'user' had no
> access but world (i.e. httpd) still could see the subdir of www which is
> 0755 and [username]:www -- Is this the best way to accomplish what I want or
> is there another way?

What is wrong with the default groups of username:username?  Setting
home directories to 711 would disallow read access from other users,
and allow Apache access to ~/www.  Is it just the CWD you're concerned
about, or is it the files inside?  Without read or write access, the
files are fairly safe.  I can't think of what risk there could be in
changing into a directory, if user can't "ls" it.


> c) Directory permissions:
> We have a web designing firm that authors sites for several companies who
> host here, currently in order to allow the firm to post pages via FTP I must
> chown -R the ~customer/www directory to the firm's username, this makes it
> impossible for the customer to make any changes.. is there any way to add
> the firm's username or a special group access to these directories?
>

This is pretty confusing.  Are you saying that the web designing firm
is a customer of yours (i.e., has an account on your system), or are you
working with/for the web designing firm that owns the box?

I'll interpret it this way: one user (username "firm", say) needs access
to other users' ~/www directories.  In this case, you could make ~/www
group-writable (2771, perhaps) and add firm to that user's group.

-Brent

____________________________________________
brent@kearneys.ca

"The follies of the last debauch should be
buried in eternal oblivion, in order to give
full scope to the follies of the next."

--David Hume
Of Political Society
____________________________________________
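
The owner/group/other check that both layouts in this message rely on, modelled in Python as an added example (not part of the original e-mail). The account and group names (alice, bob, firm, www) are constructed, and root's bypass and ACLs are not modelled.

```python
# Added example: model of the Unix owner/group/other directory check.
# All account and group names are constructed for illustration.
from collections import namedtuple

Dir = namedtuple("Dir", "owner group mode")

def rights(d, user, groups):
    """Return the set of rights `user` gets on directory `d`.

    Exactly one class applies: owner, else group, else other. A member of
    the directory's group never falls through to the 'other' bits.
    """
    if user == d.owner:
        bits = (d.mode >> 6) & 7
    elif d.group in groups:
        bits = (d.mode >> 3) & 7
    else:
        bits = d.mode & 7
    out = set()
    if bits & 4:
        out.add("list")        # r: read directory entries (ls)
    if bits & 1:
        out.add("traverse")    # x: cd in, reach names already known
    if bits & 2 and bits & 1:
        out.add("modify")      # w+x: create, rename, delete entries
    return out

# Constructed accounts: customer alice, neighbour bob, the design firm, httpd.
BOB = ("bob", {"user"})             # member of the shared group (0705 layout)
BOB_OWN = ("bob", {"bob"})          # per-user groups, as in the reply
FIRM = ("firm", {"firm", "alice"})  # firm added to alice's group
HTTPD = ("www", {"www"})

def compare():
    shared = Dir("alice", "user", 0o705)    # home dir layout from the question
    private = Dir("alice", "alice", 0o711)  # home dir layout from the reply
    www = Dir("alice", "alice", 0o2771)     # ~/www, group-writable + setgid
    return {
        "0705 bob": rights(shared, *BOB),
        "0705 httpd": rights(shared, *HTTPD),
        "0711 bob": rights(private, *BOB_OWN),
        "0711 httpd": rights(private, *HTTPD),
        "2771 firm": rights(www, *FIRM),
        "2771 bob": rights(www, *BOB_OWN),
    }

if __name__ == "__main__":
    for case, r in compare().items():
        print(f"{case:11} {sorted(r) or 'no access'}")
```

Under 0705 the web server can list the home directory, while under 711 it can only reach names it already knows, such as www.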


