
Re: Disallow other users from reading my $HOME

On Wed, Jan 6, 2010 at 4:29 PM, green <greenfreedom10@gmail.com> wrote:
> Okay, I was assuming recursion because I have a ~/public_html and symlinks from
> it to other files scattered in my $HOME and so a "chmod 700 $HOME" would just
> break stuff.  Otherwise, just changing $HOME permissions is an excellent
> solution.

Great point.  "chmod 700 $HOME" would make ~/public_html not so
public, since, on a Debian box, apache runs under the www-data
account. :)  So, if Mr. Cohen has such a configuration, he would need
to relocate his ~/public_html directory (along with all symlinked
scripts or binaries) to a public location that can be accessed by the
www-data account, and modify his apache configuration accordingly.  I
have an account on freeshell.net that is configured like this:

[501]itsme@iceland:~$ ls -ld $HOME
drwx------  16 itsme  arpa  1024 Oct 21 18:39 /arpa/nl/i/itsme
[502]itsme@iceland:~$ ls -l html
lrwx------  1 itsme  arpa  16 Jan 26  2009 html -> /www/am/i/itsme
[503]itsme@iceland:~$ ls -ld /www/am/i/itsme
drwxr-x--x  4 itsme  nobody  512 Oct 30 19:37 /www/am/i/itsme

This, to me, looks like the most elegant approach.
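
The layout described in this message, rebuilt in a throwaway sandbox as an added example (not part of the original post). The function names and sandbox paths are hypothetical, and the check looks only at the "other" permission class, ignoring group membership and ACLs.

```shell
#!/bin/sh
# Added example: sandbox copy of the layout from the message above.
# Function names and sandbox paths are hypothetical, not from the post.

# build_sandbox: private home (700), web root outside it (751), and a
# convenience symlink from the home directory to the web root.
build_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/home/itsme/public_html" "$sb/www/itsme"
    chmod 755 "$sb/home" "$sb/www"
    chmod 700 "$sb/home/itsme"      # effect of: chmod 700 $HOME
    chmod 751 "$sb/www/itsme"       # drwxr-x--x, as in the listing
    ln -s "$sb/www/itsme" "$sb/home/itsme/html"
    echo "$sb"
}

# others_can_reach BASE RELPATH
# Returns 0 only if every directory component of RELPATH under BASE grants
# search (x) permission to "other". Only that class is inspected; group
# membership and ACLs are ignored (assumption for this sketch).
others_can_reach() {
    dir=$1
    old_ifs=$IFS; IFS=/
    set -- $2                       # split RELPATH on "/"
    IFS=$old_ifs
    for part in "$@"; do
        dir=$dir/$part
        [ -d "$dir" ] || continue   # skip a trailing regular file
        mode=$(ls -ld "$dir" | cut -c1-10)
        case $mode in
            ?????????[xt]) ;;       # "other" may traverse this directory
            *) echo "blocked at $dir ($mode)" >&2; return 1 ;;
        esac
    done
    return 0
}

# Demo on a constructed sandbox.
demo=$(build_sandbox)
others_can_reach "$demo" home/itsme/public_html || echo "~/public_html: unreachable"
others_can_reach "$demo" home/itsme/html        || echo "~/html symlink: unreachable"
others_can_reach "$demo" www/itsme              && echo "relocated web root: reachable"
rm -rf "$demo"
```

The symlink inside the home directory fails the check because reaching it still passes through the 700 directory, so the web server has to be configured with the real path of the relocated web root.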
