Re: Disallow other users from reading my $HOME

To: debian-user@lists.debian.org
Subject: Re: Disallow other users from reading my $HOME
From: Ken Teague <kteague@pobox.com>
Date: Wed, 6 Jan 2010 17:33:27 -0800
Message-id: <[🔎] 2d0a59b21001061733h24f43a9fr98c833ae8decc722@mail.gmail.com>
In-reply-to: <[🔎] 20100107002916.GP9728@swansys>
References: <[🔎] 880dece01001061316p715c0252i64a5b943bd1cfb18@mail.gmail.com> <[🔎] 20100106213046.GL9728@swansys> <[🔎] 2d0a59b21001061359y8ae4c4co4035e2e75b3638de@mail.gmail.com> <[🔎] 20100106224055.GM9728@swansys> <[🔎] 2d0a59b21001061605k6d2b9afx4278c68f098173a@mail.gmail.com> <[🔎] 20100107002916.GP9728@swansys>

On Wed, Jan 6, 2010 at 4:29 PM, green <greenfreedom10@gmail.com> wrote:
> Okay, I was assuming recursion because I have a ~/public_html and symlinks from
> it to other files scattered in my $HOME and so a "chmod 700 $HOME" would just
> break stuff.  Otherwise, just changing $HOME permissions is an excellent
> solution.

Great point.  "chmod 700 $HOME" would make ~/public_html to be not so
public, since, on a Debian box, apache runs under the www-data
account. :)  So, if Mr. Cohen has such a configuration, he would need
to relocate his ~/public_html directory (along with all symlinked
scripts or binaries) to a public location that can be accessed by the
www-data account, and modify his apache configuration accordingly.  I
have an account on freeshell.net that is configured like this:

[501]itsme@iceland:~$ ls -ld $HOME
drwx------  16 itsme  arpa  1024 Oct 21 18:39 /arpa/nl/i/itsme
[502]itsme@iceland:~$ ls -l html
lrwx------  1 itsme  arpa  16 Jan 26  2009 html -> /www/am/i/itsme
[503]itsme@iceland:~$ ls -ld /www/am/i/itsme
drwxr-x--x  4 itsme  nobody  512 Oct 30 19:37 /www/am/i/itsme

This, to me, looks like the most elegant approach.

Reply to:

Follow-Ups:
- Re: Disallow other users from reading my $HOME
  - From: Dotan Cohen <dotancohen@gmail.com>
- Re: Disallow other users from reading my $HOME
  - From: Bob McGowan <bob_mcgowan@symantec.com>

References:
- Disallow other users from reading my $HOME
  - From: Dotan Cohen <dotancohen@gmail.com>
- Re: Disallow other users from reading my $HOME
  - From: green <greenfreedom10@gmail.com>
- Re: Disallow other users from reading my $HOME
  - From: Ken Teague <kteague@pobox.com>
- Re: Disallow other users from reading my $HOME
  - From: green <greenfreedom10@gmail.com>
- Re: Disallow other users from reading my $HOME
  - From: Ken Teague <kteague@pobox.com>
- Re: Disallow other users from reading my $HOME
  - From: green <greenfreedom10@gmail.com>

Prev by Date: How to set only delete permision in a directory and theirs subdirectories.
Next by Date: RE: How to use Sun Java instead of gcj[Solved]
Previous by thread: Re: Disallow other users from reading my $HOME
Next by thread: Re: Disallow other users from reading my $HOME
Index(es):
- Date
- Thread