Date: Tue, 12 Nov 2002 00:56:54 -0800
From: Marcus Reid <marcus@blazingdot.com>
To: Jez Hancock <jez.hancock@munk.nu>
Cc: FreeBSD ISP List <freebsd-isp@freebsd.org>
Subject: Re: per-user groups
Message-ID: <20021112085654.GA55722@blazingdot.com>
In-Reply-To: <20021110214410.GA98103@users.munk.nu>
References: <20021105130922.A36056@cthulu.compt.com> <20021110214410.GA98103@users.munk.nu>

Hi:

On Sun, Nov 10, 2002 at 09:44:10PM +0000, Jez Hancock wrote:
..snip..
> The solution to this then is to simply add the user
> 'www' to both the groups 'munk' and 'joe' in /etc/group:
>
> <file: /etc/group>
> munk:*:1023:www
> munk:*:1024:www
> </file>
>
> so that the www user, as a member of both the joe and munk groups,
> can easily access the files in /home/munk/web and /home/joe/web as it
> should be able to.
..snip..

Sounds kind of wild to me..  For one thing, if you allow your users to
use CGIs, they can run anything as the www user and be in the group of
all of your other users.

Another way to do almost the same thing is to have the user's home
directory perms set to rwxr-x--x.  Apache can get to the user's
public_html directory, and no one can get a directory listing of another
person's home directory.  Users still have to make sure that files they
don't want to be world readable aren't world readable, but it's a
solution that suits my tastes a little better.

Marcus

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
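
Added example, not part of the original message: a small audit for the rwxr-x--x layout described in the reply. It checks that a home directory is mode 751 and lists world-readable files outside public_html, the files a user still has to lock down by hand. The function names and the sample user "joe" under a temp directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a home directory laid out as the reply suggests.
# All paths are constructed under a temp dir; "joe" is a sample user.

# True if the home directory mode is exactly 751 (rwxr-x--x):
# others may traverse into it but cannot list it.
home_mode_ok() {
    [ -n "$(find "$1" -prune -perm 751)" ]
}

# Print regular files outside public_html that are world-readable.
# With x-only on the home directory others cannot list these names,
# but a file whose name is known or guessed can still be read.
world_readable_outside_web() {
    find "$1" -path "$1/public_html" -prune -o -type f -perm -004 -print
}

# Build a constructed sample home directory and print its path.
make_demo_home() {
    root=$(mktemp -d) || return 1
    home="$root/joe"
    mkdir -p "$home/public_html"
    echo '<p>hi</p>' > "$home/public_html/index.html"
    echo 'todo'      > "$home/notes.txt"
    echo 'secret'    > "$home/private.key"
    # Set modes explicitly so the result does not depend on the umask.
    chmod 751 "$home"
    chmod 755 "$home/public_html"
    chmod 644 "$home/public_html/index.html" "$home/notes.txt"
    chmod 600 "$home/private.key"
    echo "$home"
}

demo=$(make_demo_home)
if home_mode_ok "$demo"; then
    echo "mode ok (751): $demo"
else
    echo "mode is NOT 751: $demo"
fi
echo "world-readable outside public_html:"
world_readable_outside_web "$demo"
rm -rf "$(dirname "$demo")"
```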