Restricting users to their own home directories / not letting users view other users files...?
utisoft at googlemail.com
Tue Feb 17 02:21:11 PST 2009
2009/2/12 Uwe Laverenz <uwe at laverenz.de>:
> On Thu, Feb 12, 2009 at 09:39:18AM -0500, Keith Palmer wrote:
>> Thanks so much, this solution works really well! It doesn't lock users out
>> of the entire system, but it does ensure that users can't view other
>> users' files via SFTP/SSH, which is fantastic.
> This solution enforces the switch of all user directories to group "www",
> which also means that any member of the group www gets access to these
> directories. This would be even more dangerous if your webserver runs
> with gid www and contains a php-module or something similar with a long
> tradition of security problems. Sorry, but you really, really should not
> do it this way.
> The sticky bit for group www on the public_html directories can be a good
> idea, though.
Do you really mean sticky? Or do you mean sgid? Sgid directories are
unnecessary in BSD systems anyway. In the (one true UNIX) BSD Way, new
files in a directory are always of the group of the directory.
Sticky is something completely different.
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. > (sendmail.cf)
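
Added example, not part of the original post: a Python sketch that audits home-directory modes for the exposure discussed in this thread (home directories owned by a shared group such as www) and reports setgid and sticky as the separate bits they are. The gid 80 for www, the paths and the modes are constructed assumptions.

```python
import stat

WWW_GID = 80  # assumption: gid of the shared "www" group on this host

def special_bits(mode):
    """Name the special bits on a directory; setgid and sticky are unrelated."""
    names = []
    if mode & stat.S_ISGID:
        names.append("setgid")  # SysV/Linux: new entries take the directory's group
    if mode & stat.S_ISVTX:
        names.append("sticky")  # entries removable only by their owner, the dir owner or root
    return names

def audit_home(mode, gid, shared_gids):
    """Return findings for one home directory given its mode and group."""
    findings = []
    if gid in shared_gids and mode & stat.S_IXGRP:
        if mode & stat.S_IRGRP:
            findings.append("shared group can list and enter")
        else:
            findings.append("shared group can enter (known names only)")
        if mode & stat.S_IWGRP:
            if mode & stat.S_ISVTX:
                findings.append("shared group can create entries; sticky protects others' files")
            else:
                findings.append("shared group can create and delete entries")
    if mode & stat.S_IXOTH:
        findings.append("every local user can enter")
    return findings

# Constructed sample data: (path, mode, gid of the directory)
SAMPLE = [
    ("/home/alice", 0o750, WWW_GID),   # switched to group www, group r-x
    ("/home/bob", 0o700, 1002),        # private group, owner only
    ("/home/carol", 0o1770, WWW_GID),  # group www, group rwx plus sticky
    ("/home/dave", 0o2711, 1004),      # setgid, search permission for everyone
]

def report(entries, shared_gids=(WWW_GID,)):
    """Map each path to (special bits, findings)."""
    return {path: (special_bits(mode), audit_home(mode, gid, shared_gids))
            for path, mode, gid in entries}

if __name__ == "__main__":
    for path, (bits, findings) in report(SAMPLE).items():
        print(path, ",".join(bits) or "-", "; ".join(findings) or "ok")
```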