Restricting users to their own home directories / not letting users view other users' files...?

Jonathan McKeown jonathan+freebsd-questions at hst.org.za
Thu Feb 12 23:08:28 PST 2009


On Thursday 12 February 2009 19:15:21 Paul Schmehl wrote:
> If you set the world readable bit, you break the entire schema.  To make it
> work, world must have no access - not even directory search access.  So you
> set u=rwx,g=srx,o-rwx (or 2750), for homedirs and u=rw,g=sr,o-rwx (or 2640)
> for files.  To maintain the schema you would also need to change the users'
> umask to 027 (or script a perm change periodically to remove the world bits
> from new files).
>
> If you want to get more granular, you can set the homedirs and all subdirs
> to owner:owner and only set the public_html dir and its subdirs to
> owner:www.  The key is to remove the world access from the homedirs and
> everything under them, set the group to www, setgid and change the umask.

setgid on the directory is a SysV-ism to switch on BSD behaviour. FreeBSD 
always sets group ownership of files to the group of the directory they're 
created in, so all you need to do is change the ownership of the directory 
and the umask.

Jonathan
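Worked example of the scheme discussed above, written for this page (it is not a script from either poster). It assumes the web-server group is passed in as an argument (www in production; the self-check below uses the caller's own primary group so it runs unprivileged), applies 2750 to directories and 640 to files, and shows that a file created under umask 027 comes out 640 without any follow-up chmod. The setgid bit on the directories is harmless on FreeBSD, where group inheritance is the default, and is what gives Linux the same inheritance. The thread's 2640 for files is not used here because setgid on a regular file only has an effect when that file is executed. The helper names (mode_of, lockdown_home, create_with_umask) are this example's own.

```shell
#!/bin/sh
# Constructed example: lock down a home directory so that only the owner and
# the web-server group can traverse it, and nothing is world-accessible.
# Written for this page; not a script from the thread. The group is taken
# from the caller so the example can run under a group the user belongs to.

set -e

# mode_of PATH -> prints the 10-character ls(1) mode string, e.g. drwxr-s---
# (cut drops any trailing ACL/attribute marker some ls implementations add).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# lockdown_home HOMEDIR GROUP
# Directories: u=rwx,g=rxs,o-rwx (2750) so the group can search them and
# new entries inherit the group. Files: u=rw,g=r,o-rwx (640). World gets
# nothing at any level, which is what keeps other users out entirely.
lockdown_home() {
    home="$1"
    grp="$2"
    chgrp -R "$grp" "$home"
    find "$home" -type d -exec chmod u=rwx,g=rxs,o-rwx {} +
    find "$home" -type f -exec chmod u=rw,g=r,o-rwx {} +
}

# create_with_umask HOMEDIR
# Creates a new file the way a user's shell would once umask 027 is in
# effect, and prints its mode. 0666 & ~027 = 0640, so no later chmod run
# is needed for files created this way.
create_with_umask() {
    (
        umask 027
        : > "$1/newfile"
    )
    mode_of "$1/newfile"
}

# Stand-alone run: build a throwaway home, apply the scheme, show the modes.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    mkdir -p "$tmp/home/public_html"
    echo '<h1>hello</h1>' > "$tmp/home/public_html/index.html"
    lockdown_home "$tmp/home" "$(id -gn)"
    mode_of "$tmp/home"
    mode_of "$tmp/home/public_html"
    mode_of "$tmp/home/public_html/index.html"
    create_with_umask "$tmp/home"
    rm -rf "$tmp"
fi
```

Run it with --demo to see the four mode strings. In production, substitute www for the group and point lockdown_home at each home directory; the umask change still has to be made in the users' shell startup files (or login.conf), since the filesystem cannot enforce it.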

