Restricting users to their own home directories / not letting users view other users files...?

Paul Schmehl pauls at utdallas.edu
Wed Feb 11 15:56:43 PST 2009


--On Wednesday, February 11, 2009 14:24:13 -0600 Roland Smith 
<rsmith at xs4all.nl> wrote:
>>
>> Why can't you chgroup and setgid the homedirs to www?  (Or whatever
>> account the web server is running under.)  You really have two
>> requirements:
>>
>> 1) Users can't see other users' files
>> 2) The web server can read all users' web files
>>
>> So you chmod the homedirs to 750/640, and chgroup the dirs and files
>> to www, then set the sticky bit for the group, and you're done.
>
> According to the chgrp manual:
>
>      The user invoking chgrp must belong to the specified group and be the
>      owner of the file, or be the super-user.
>

Sorry if I wasn't clear.

I wasn't suggesting that the *users* chgrp the files.  Keith would do that as 
root.  Then he sets the setgid bit to www (or whatever the web user is), and 
from that point going forward any files created by the user would be user:www 
instead of user:user.  Set the umask to 027, and world has no readability.

This is exactly how I used to handle some files on a webserver that I maintain 
that other people needed to be able to edit, add and delete files from.  Once 
the sgid bit is set, the group membership of the files remains www no matter 
what user creates/touches a file.

Note that the first bit isn't usually referred to when discussing chmod.  So 
most people will say, for example, chmod directories 755.  And if you type '% 
chmod 755 dir', that's what you'll get.  To set the sgid bit, you need to type 
'% chmod 2755 dir'.  See man 1 chmod for details.

My apologies for calling the sgid bit the "sticky" bit, since that's not 
technically correct.  I should have said "setgid" bit rather than "sticky group 
bit".

-- 
Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
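The scheme Paul describes above (chgrp the home directory to the web server's group as root, set the setgid bit on the directory, and have users work under umask 027) can be reproduced in a scratch directory to see what it actually produces. The script below is an added example, not code from the original post or from FreeBSD; it assumes a POSIX sh with ls, awk, chmod and chgrp from the base system, and it uses the invoking user's primary group (from `id -gn`) in place of "www", since creating a real web group needs root. It combines the 750 directory mode and the setgid bit into a single `chmod 2750`.

```shell
#!/bin/sh
# Added example, not from the original post: walk through the setgid-group
# home directory scheme in a temporary directory and report what ls shows.
# Assumptions: POSIX sh; the caller's primary group stands in for "www"
# (a real deployment would chgrp to the web server's group as root).
set -eu

# perms_of FILE: the ten-character mode string from ls -ld, e.g. drwxr-s---
# (cut rather than awk so an ACL/SELinux marker after the mode is ignored).
perms_of() { ls -ld "$1" | cut -c1-10; }

# group_of FILE: the group column from ls -ld.
group_of() { ls -ld "$1" | awk '{print $4}'; }

# setup_homedir DIR GROUP: the one-time step the administrator does as root.
#   chgrp the directory to the web group, then chmod 2750: owner rwx, group
#   r-x, world nothing, plus the setgid bit so every new file inside the
#   directory inherits the directory's group instead of the user's.
setup_homedir() {
    dir=$1; grp=$2
    mkdir -p "$dir"
    chgrp "$grp" "$dir"
    chmod 2750 "$dir"
}

# user_creates_file DIR NAME: what the user does afterwards. With umask 027
# a new file comes out 0666 & ~027 = 0640, so world has no read access, and
# the setgid directory gives it group www rather than the user's own group.
user_creates_file() {
    ( umask 027; : > "$1/$2" )
}

# demo: run the scenario end to end and print the resulting modes and groups.
demo() {
    sandbox=$(mktemp -d)
    webgrp=$(id -gn)        # stands in for "www" in this example
    home="$sandbox/home/user"
    setup_homedir "$home" "$webgrp"
    user_creates_file "$home" "index.html"
    echo "dir : $(perms_of "$home") $(group_of "$home")"
    echo "file: $(perms_of "$home/index.html") $(group_of "$home/index.html")"
    rm -rf "$sandbox"
}

demo
```

Expect the directory to show as `drwxr-s---` (the `s` in the group execute slot is the setgid bit) and the file as `-rw-r-----` with the directory's group. Two things worth checking in a real deployment: the web server only needs read on files and search (x) on directories, which 640/750 gives it, and the 027 umask has to be set in the users' login shell startup files for the file mode to hold for everything they create, not just for files touched by the administrator.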