Date: Wed, 7 Aug 2002 14:00:50 -0500 From: David Kelly <dkelly@hiwaay.net> To: Gabriel Ambuehl <gabriel_ambuehl@buz.ch> Cc: questions@FreeBSD.ORG Subject: Re: Forcing umask values (i.e. stopping users from making files world accessible)? Message-ID: <20020807190050.GD57320@grumpy.dyndns.org> In-Reply-To: <18221229687.20020807162338@buz.ch> References: <18221229687.20020807162338@buz.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Aug 07, 2002 at 04:23:38PM +0200, Gabriel Ambuehl wrote: > Hello, > I'm wondering whether there is any way to truly stop users (they have > (s)FTP access, CGI, PHP) from making their scripts world accessible. > I know that I could set umask 027 so that all new files are 750 by > default but as far as I understand the umask concept, they still can > call chmod and make the files world accessible again, right? So I'm > looking for a bullet proof solution that really stops users from > making their data world accessible. I suspect you are trying to go too far. If a user wants to share something with another user then by golly they will email it or find some way to share it. After all apparently they already have ftp and http services at their disposal. But I will agree that not-shared-by-default is good. And the right place to set umask in FreeBSD is in /etc/login.conf. -- David Kelly N4HHE, dkelly@hiwaay.net ===================================================================== The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020807190050.GD57320>