Re: Disallow other users from reading my $HOME
On Wed, Jan 6, 2010 at 4:29 PM, green <greenfreedom10@gmail.com> wrote:
> Okay, I was assuming recursion because I have a ~/public_html and symlinks from
> it to other files scattered in my $HOME and so a "chmod 700 $HOME" would just
> break stuff. Otherwise, just changing $HOME permissions is an excellent
> solution.
Great point. "chmod 700 $HOME" would make ~/public_html to be not so
public, since, on a Debian box, apache runs under the www-data
account. :) So, if Mr. Cohen has such a configuration, he would need
to relocate his ~/public_html directory (along with all symlinked
scripts or binaries) to a public location that can be accessed by the
www-data account, and modify his apache configuration accordingly. I
have an account on freeshell.net that is configured like this:
[501]itsme@iceland:~$ ls -ld $HOME
drwx------ 16 itsme arpa 1024 Oct 21 18:39 /arpa/nl/i/itsme
[502]itsme@iceland:~$ ls -l html
lrwx------ 1 itsme arpa 16 Jan 26 2009 html -> /www/am/i/itsme
[503]itsme@iceland:~$ ls -ld /www/am/i/itsme
drwxr-x--x 4 itsme nobody 512 Oct 30 19:37 /www/am/i/itsme
This, to me, looks like the most elegant approach.
Reply to: