From owner-freebsd-questions  Sun Jun  2 22:39: 4 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from charon.0x54434D.net (pD9E51BD4.dip.t-dialin.net [217.229.27.212])
	by hub.freebsd.org (Postfix) with ESMTP id 4B53437B400
	for <freebsd-questions@freebsd.org>; Sun,  2 Jun 2002 22:39:00 -0700 (PDT)
Received: from 0x54434D.net (powerbox.tcm.lan [192.168.1.11])
	by charon.0x54434D.net (Postfix) with ESMTP
	id D10153E28; Mon,  3 Jun 2002 07:38:56 +0200 (CEST)
Message-ID: <3CFB00F0.9040704@0x54434D.net>
Date: Mon, 03 Jun 2002 07:38:56 +0200
From: Nino Dehne <freebsd-questions@0x54434D.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc3) Gecko/20020523
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: leroy@3dmasters.net
Cc: freebsd-questions@freebsd.org
Subject: Re: Restrict user access on freebsd
References: <B92125B4.F4C%jrhoden@unimelb.edu.au>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Jacob Rhoden wrote:
[...]
> /etc, for example /etc/group. The best thing to do is to remove the x flag
> on most directories, ie /etc /bin /sbin and so on, so that normal users can
> execute things like 'ls' and read files like 'group'.  (The x flag on
> directories means that a user cannot list the directory but can still access
> files in it). If you are unsure about the nescessity of a command, then I

There's a bit of confusion in your words. You say that the x flag on a
directory means that "a user cannot list the directory but can still
access files in it". The ability to list files is bound to the r flag,
and not inherent to the x flag. I think this is what you meant but it
didn't read like that. In the prior sentence you suggest removin the x
flag, though. This doesn't make sense at all. So:

    1) The r flag on a directory enables listing the contents of that
       directory.
    2) The x flag on a directory enables the contents directory to be
       accessed.

AFAIK, these flags don't interfer with each other, so you can prevent
listing but still allow access and vice versa. This is my understanding
of the functioning.

Regards,

Nino


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message