Re: rwxr-xr-x /root
Matt Zimmerman <mdz@debian.org> wrote:
> On Sun, Nov 12, 2000 at 01:59:27PM +1100, Craig Sanders wrote:
>> On Sat, Nov 11, 2000 at 09:11:35PM -0500, H. S. Teoh wrote:
>> > <rant> Saying that default 755 for home dirs is a bit like saying an OS
>>
>> rant. rant. rant. try looking into the issue a little deeper next time
>> rather than just going off on a panic attack about a non-problem.
>>
>> 755 home directories are NOT a security hole, and in fact are necessary
>> for many "normal" tasks that users wish to perform. ~/public_html/ for
>> example....every directory in the tree above it has to be world readable
>> and world-executable for apache to serve ~ pages.
> This is not correct. Every directory in the tree above it has to be world
> executable. That is all.
Hello!
And I do not know another "normal" task (except ~/.plan for finger)
that requires 755 or 711. SSH-login works with
~/.ssh/authorized_keys[1] and procmail works with 700. Moving the
web-pages out of the homedirectory requires changing two lines in
{access,srm}.conf.
So what is the real reason, education?
cu andreas
[1] Just for the record: Even if /home is NFS-mounted.
--
Andreas Metzler, Wien |
ametzler@downhill.at.eu.org Key-ID 8B8D7663 |
Reply to: