From owner-freebsd-ipfw@FreeBSD.ORG  Fri May  9 09:04:04 2003
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1699137B401
	for <freebsd-ipfw@freebsd.org>; Fri,  9 May 2003 09:04:04 -0700 (PDT)
Received: from genua.rfc-networks.ie (genua.rfc-networks.ie [62.77.182.178])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4C14F43F85
	for <freebsd-ipfw@freebsd.org>; Fri,  9 May 2003 09:04:03 -0700 (PDT)
	(envelope-from philip.reynolds@rfc-networks.ie)
Received: from tear.domain (unknown [10.0.1.254])
	by genua.rfc-networks.ie (Postfix) with ESMTP id 4804154F5C
	for <freebsd-ipfw@freebsd.org>; Fri,  9 May 2003 17:04:02 +0100 (IST)
Received: by tear.domain (Postfix, from userid 1000)
	id 0EB0721150; Fri,  9 May 2003 16:04:01 +0000 (GMT)
Date: Fri, 9 May 2003 16:04:01 +0000
From: Philip Reynolds <philip.reynolds@rfc-networks.ie>
To: freebsd-ipfw@freebsd.org
Message-ID: <20030509160401.GA5244@rfc-networks.ie>
References: <200305062208.06242.dgw@liwest.at>
	<200305071629.17103.dgw@liwest.at> <003a01c3152b$2810c2f0$4508a8c0@Beastie>
	<200305081951.35493.dgw@liwest.at>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200305081951.35493.dgw@liwest.at>
X-Operating-System: FreeBSD 4.7-STABLE
X-URL: http://www.rfc-networks.ie
Subject: Re: Allow all traffic for a specific process
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: philip.reynolds@rfc-networks.ie
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 09 May 2003 16:04:04 -0000

Daniela <dgw@liwest.at> 29 lines of wisdom included:
> > > home directory.
> > > I don't want my files to be writable by others.
> > > How do I do that?
> >
> > The files just need to be readable by the GID that the process runs as, not
> > writable.
> 
> 
> I mean, I don't want my files to be readable and writable by anyone else.
> The process creates and writes the files, so it needs write access.

Run the process as a separate user.

Create a group, and add yourself and the user that the process is
running under to that group.

Make the directory under your home directory writeable by your group
(chmod g+rw /path/to/dir) 

Set the appropiate umask(2) or use chmod(2) to create the appropiate
permissions on the files.

-- 
Philip Reynolds                      | RFC Networks Ltd.
philip.reynolds@rfc-networks.ie      | +353 (0)1 8832063
http://people.rfc-networks.ie/~phil  | www.rfc-networks.ie