On Thursday 12 February 2009 19:15:21 Paul Schmehl wrote:
> If you set the world readable bit, you break the entire schema. To make it
> work, world must have no access - not even directory search access. So you
> set u=rwx,g=srx,o-rwx (or 2750), for homedirs and u=rw,g=sr,o-rwx (or 2640)
> for files. To maintain the schema you would also need to change the users'
> umask to 027 or (script a perm change periodically to remove the world bits
> from new files.)
>
> If you want to get more granular, you can set the homedirs and all subdirs
> to owner:owner and only set the public_html dir and its subdirs to
> owner:www. The key is to remove the world access from the homedirs and
> everything under them, set the group to www, setgid and change the umask.

setgid on the directory is a SysV-ism to switch on BSD behaviour. FreeBSD always sets group ownership of files to the group of the directory they're created in, so all you need to do is change the ownership of the directory and the umask.

Jonathan
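
The periodic permission sweep mentioned in the quoted message, sketched as an added example that is not part of either message in this thread. The function names are assumptions, and the directory to audit is passed as the first argument.

```shell
#!/bin/sh
# Added example: audit a home-directory tree for the scheme discussed above
# (no world access on anything under the homedir, umask 027 for new files).

# Print every regular file or directory under $1 that still has any "other"
# permission bit set. Symlinks are skipped on purpose: chmod follows them,
# so repairing a link could change a target outside the tree.
# Three separate -perm tests behave the same in BSD and GNU find.
list_world_accessible() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -001 -o -perm -002 -o -perm -004 \) -print
}

# Number of offending entries (0 means the tree conforms).
# tr strips the leading blanks that BSD wc prints.
count_world_accessible() {
    list_world_accessible "$1" | wc -l | tr -d ' '
}

# Remove the world bits only; owner, group and setgid bits are untouched.
strip_world_bits() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -001 -o -perm -002 -o -perm -004 \) \
        -exec chmod o-rwx {} +
}

# Stand-alone use: report offenders for the directory given as $1.
if [ $# -gt 0 ]; then
    echo "world-accessible entries under $1: $(count_world_accessible "$1")"
    list_world_accessible "$1"
fi
```

Run `strip_world_bits` from cron only as a backstop; with umask 027 in the users' login environment, new files are created without world bits in the first place.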