user owned groups
Chuck Swiger
cswiger at mac.com
Wed May 11 12:44:12 PDT 2005
Lewis Thompson wrote:
> On Wed, May 11, 2005 at 03:15:40PM -0400, Chuck Swiger wrote:
>>If you "mkdir private && chmod 700 private", any files created under
>>private will be safely[1] hidden away from anyone else but you, regardless
>>of their permissions or what your umask is.
>
> Ah, okay. A slightly bad example. How about 0711 (now a home
> directory, say /home/lewiz). I would like to have a public_html
> directory that is generally accessible.
Um. Don't put stuff which you want to be private in a public_html directory.
> Since /home/lewiz is now executable is it not possible for somebody to
> do, say, cat /home/lewiz/.cshrc? They know the file is there (but can't
> use ls to see it) so can access it.
Sure, modulo the permissions on .cshrc itself. If you don't want them to,
give that file 600 perms. The Unix octal permissions bits work just fine for
almost all reasonable cases, but no default is ever going to suit all possible
variations of intent.
If you want to control access to something, set the access you want
explicitly, do not hope that the system defaults will guess what you want.
(DWIM is a horrible idea in general, and is an even worse idea for security.)
Anyway, if you do want to do something more complex, look to UFS2 and POSIX ACL's.
--
-Chuck
More information about the freebsd-questions
mailing list