Date: Tue, 18 Jan 2011 22:15:19 +0100 (CET)
From: Holger Kipp <holger.kipp@alogis.com>
To: Ihor R <kaba@goodnet.com.ua>, freebsd-amd64@freebsd.org
Subject: Re: amd64/154112: user can delete file witch owned by root:wheel
Message-ID: <1239435744.369.1295385319535.JavaMail.open-xchange@oxlix>
In-Reply-To: <201101182010.p0IKAA5u010462@freefall.freebsd.org>
References: <201101182010.p0IKAA5u010462@freefall.freebsd.org>

Dear Ihor,

On January 18, 2011 at 9:10 PM Ihor R <kaba@goodnet.com.ua> wrote:
> The following reply was made to PR amd64/154112; it has been noted by GNATS.
>
> From: Ihor R <kaba@goodnet.com.ua>
> To: <bug-followup@FreeBSD.org>, <kaba@goodnet.com.ua>
> Cc:
> Subject: Re: amd64/154112: user can delete file witch owned by root:wheel
> Date: Tue, 18 Jan 2011 21:27:23 +0200
>
>  On Tue, 18 Jan 2011 16:22:53 GMT, kib@FreeBSD.org wrote:
>  > User home directory is owned by user, right ?
>  > The system works as intended, read about unix file permission model.
>
>  The home user directory is owned by the user, but I quite don't understand
>  how I can provide a hosting service for my users if any user can
>  delete any files in his home directory. For example:
>
>  if I want to block some resource, like a site, by adding "deny from all"
>  to .htaccess and changing the owner of this file to root:wheel. The user cannot
>  change this file (rewrite) but he can delete this file any time he wishes
>  - and the site will go on working and can take some steps to damage
>  the server.
>
>  Can you please explain to me how I can get back to Unix where users can't
>  delete files which they do not own. What steps do I need to take to solve the current
>  problem.
>  I need that users can't change or delete files that they do not own,
>  wherever they (the files) are placed.

It seems you really don't understand the concept of unix file permissions.
It has been around for ages and imho is as good as it can be.

As you also mention .htaccess-files, this is another issue.
Looking at the Apache documentation, you'll find that these files should not be
used unless you _want_ your users to use them:

See http://httpd.apache.org/docs/2.2/howto/htaccess.html#when

You might want to rework your current concept of hosting and permissions.

Apart from that, this is not a http/apache forum, so this is actually the wrong
mailing list :-(

Best regards,
Holger

--
Holger Kipp
Diplom-Mathematiker
Senior Consultant

Tel. : +49 30 436 58 114
Mobile: +49 178 36 58 114
Fax. : +49 30 436 58 214
Email: holger.kipp@alogis.com

alogis AG
Alt-Moabit 90b
D-10559 Berlin
web : http://www.alogis.com
----------------------------------------------------------
alogis AG
Registered office/court of registration: Berlin/AG Charlottenburg, HRB 71484
Management board: Arne Friedrichs, Joern Samuelson
Chairman of the supervisory board: Reinhard Mielke
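
The rule this thread turns on, as an added example that is not part of the original message: rewriting a file is decided by the file's own mode, while deleting it is decided by the directory that holds it. This is a simplified model of the standard Unix check (ACLs and file flags are ignored); uid 1001 and the four directory cases are constructed.

```python
import stat
from dataclasses import dataclass

@dataclass
class Node:
    """Owner, group and mode of a file or directory (constructed sample data)."""
    uid: int
    gid: int
    mode: int

def class_bits(node, uid, gids):
    """rwx triplet that applies to this user: owner, else group, else other."""
    if uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in gids:
        return (node.mode >> 3) & 7
    return node.mode & 7

def can_write(uid, gids, target):
    """Changing a file's contents is decided by the file's own mode."""
    return uid == 0 or bool(class_bits(target, uid, gids) & 2)

def can_unlink(uid, gids, directory, target):
    """Removing a name is decided by the directory that holds it."""
    if uid == 0:
        return True
    if (class_bits(directory, uid, gids) & 3) != 3:  # need write and search
        return False
    if directory.mode & stat.S_ISVTX:  # sticky: file owner or directory owner only
        return uid in (target.uid, directory.uid)
    return True

# Constructed scenario: hosting user 1001, .htaccess chowned to root:wheel (0:0).
USER, GROUPS = 1001, {1001}
HTACCESS = Node(0, 0, 0o644)
CASES = {
    "home owned by user, 0755": Node(1001, 1001, 0o755),
    "home owned by user, sticky 1755": Node(1001, 1001, 0o1755),
    "directory owned by root, 0755": Node(0, 0, 0o755),
    "shared root directory, sticky 1777": Node(0, 0, 0o1777),
}

def report():
    """Map each case to (user can rewrite .htaccess, user can delete it)."""
    return {name: (can_write(USER, GROUPS, HTACCESS),
                   can_unlink(USER, GROUPS, d, HTACCESS))
            for name, d in CASES.items()}

if __name__ == "__main__":
    for name, (w, d) in report().items():
        print(f"{name:36} rewrite={w!s:5} delete={d}")
```

In this model the sticky bit does not help while the user owns the directory; the root-owned file stays in place only where the containing directory is outside the user's control.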