Date: Sun, 5 Dec 1999 03:19:34 -0800 From: Brent Kearney <brent@kearneys.ca> To: "Network Admin [JPeterson]" <jay@qtm.net> Cc: questions@freebsd.org Subject: Re: User Quotas - and Multiple Groups Message-ID: <19991205031934.A806@kearneys.ca> In-Reply-To: <PCEIIOODPEIJJFAGCCEFAEJNCBAA.jay@qtm.net>; from jay@qtm.net on Sun, Dec 05, 1999 at 12:58:49AM -0500 References: <74E45CD96094D311B7F900608C71F775A962@gatekeeper.fns.ru> <PCEIIOODPEIJJFAGCCEFAEJNCBAA.jay@qtm.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--45Z9DzgjV8m4Oswq Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Sorry to sound like a pedant, but you may get a better response if=20 you used separate posts for so many different questions... On Sun, Dec 05, 1999 at 12:58:49AM -0500, Network Admin [JPeterson] wrote: > a) Users should not be able to FTP in and CWD to other users homedirs, the > way I found to accomplish this and still allow web access was to put all > users in the primary group 'user' and make each users home dir chmod 0705 > and owned by [username]:user so that others in the group 'user' had no > access but world (i.e. httpd) still could see the subdir of www which is > 0755 and [username]:www -- Is this the best way to accomplish what I want= or > is there another way? What is wrong with the default groups of username:username? Setting=20 home directories to 711 would disallow read access from other users,=20 and allow Apache access to ~/www. Is it just the CWD you're concerned=20 about, or is it the files inside? Without read or write access, the=20 files are fairly safe. I can't think of what risk there could be in=20 changing into a directory, if user can't "ls" it. > c) Directory permissions: > We have a web designing firm that authors sites for several companies who > host here, currently in order to allow the firm to post pages via FTP I m= ust > chown -R the ~customer/www directory to the firm's username, this makes it > impossible for the customer to make any changes.. is there any way to add > the firm's username or a special group access to these directories? >=20 This is pretty confusing. Are you saying that the web designing firm is a customer of yours (i.e., has an account on your system), or are you working with/for the web designing firm that owns the box? I'll interpret it this way: one user (username "firm", say) needs access=20 to other user's ~/www directories. In this case, you could make ~/www group-writable (2771, perhaps) and add firm to that user's group. =20 -Brent ____________________________________________ brent@kearneys.ca "The follies of the last debauch should be buried in eternal oblivion, in order to give full scope to the follies of the next." --David Hume Of Political Society ____________________________________________ --45Z9DzgjV8m4Oswq Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use MessageID: XSAHs9DI3TscS90krE3//Cf/ZSjCtiln iQA/AwUBOEpKRf5LgQMksPsjEQKhYgCfRpCjDO/+ugRuFyCcjLj1k3PRpjkAoJMx /7oBxnPUYCEKbki7ZWsI2RYo =hKVu -----END PGP SIGNATURE----- --45Z9DzgjV8m4Oswq-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991205031934.A806>