
Re: Home dir Permissions

In article <Pine.LNX.3.96.980212201824.18247A-100000@cnhobbes.ml.org>, Brandon Mitchell <bhmit1@mail.wm.edu> writes:
> On 12 Feb 1998, William R. Ward wrote:
>> One comment about permissions: Web files do *NOT* have to be world
>> readable.  They just have to be readable by the web server.  If you
>> set up a user and group for your web server (I use www for both) you
>> can get by with just having the files be group-readable by the
>> webserver's group (and not all the other users on the system).

> I missed the beginning of this thread, but why forbid local users from
> viewing files that you let any user outside of your system view?  Most
> people I know concerned with security in their directories remove the read
> permissions on directories so anyone can get to the file, but only if they
> know the name.  Note, this isn't a high level of security, just another
> thing to do.  I don't see any reason to add users to more groups.

You might have a .htaccess file that limits access to a smaller group
of people.  I do this in my own web pages - I have a subdirectory with
limited access so I have to enter a password to get at the documents
there.  That directory is mode 750 with the group being "www" - and
other users are *not* in the group www (that's the whole point).


William R Ward          Bay View Consulting   http://www.bayview.com/~hermit/
hermit@bayview.com     1803 Mission St. #339        voicemail +1 408/479-4072
wrw@bayview.com       Santa Cruz CA 95060 USA           pager +1 408/458-8862
 PGP Key 0x2BD331E5; Public key at http://www.bayview.com/~hermit/pubkey.txt
"The government of the United States of America is not in any sense founded
upon the Christian Religion." - John Adams
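
An added example, not part of the original message: a Python audit for the setup described above. It finds directories gated by a `.htaccess` file and reports files in them that local users outside the owner and group can still read directly from disk. The function names and the sample tree are constructed for illustration, and the directories above the document root are assumed to be traversable.

```python
import os
import stat
import tempfile

def audit_htaccess_dirs(docroot):
    """List files under .htaccess-protected directories that local users
    outside the owner and group can still read straight from the filesystem."""
    docroot = os.path.abspath(docroot)
    findings, protected = [], set()
    for dirpath, dirnames, filenames in os.walk(docroot):
        # .htaccess rules also cover subdirectories, so protection is inherited.
        if ".htaccess" not in filenames and os.path.dirname(dirpath) not in protected:
            continue
        protected.add(dirpath)
        dmode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        if not dmode & stat.S_IXOTH:
            dirnames[:] = []  # "other" cannot enter (e.g. mode 750): subtree is sealed
            continue
        for fname in filenames:
            path = os.path.join(dirpath, fname)
            if os.path.islink(path):
                continue  # a symlink's own mode bits say nothing about its target
            fmode = stat.S_IMODE(os.lstat(path).st_mode)
            if fmode & stat.S_IROTH:  # readable by name even if the dir is not listable
                findings.append((os.path.relpath(path, docroot), oct(dmode), oct(fmode)))
    return sorted(findings)

def build_demo_tree(root):
    """Constructed sample tree: one sealed directory, one leaky, one public."""
    layout = (("private-ok", 0o750, ".htaccess"),
              ("private-leaky", 0o755, ".htaccess"),
              ("public", 0o755, "index.html"))
    for name, dmode, first_file in layout:
        d = os.path.join(root, name)
        os.mkdir(d)
        for fname in (first_file, "report.txt"):
            path = os.path.join(d, fname)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, 0o644)
        os.chmod(d, dmode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        for path, dmode, fmode in audit_htaccess_dirs(root):
            print(f"{path}: dir {dmode}, file {fmode} -> readable without the web server's password check")
```

The check covers only the "other" permission bits; whether the directory's group is the web server's group, and who belongs to it, still has to be verified separately.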
