On Sun, Jan 31, 1999 at 10:10:25PM -0500, Brian White wrote:
> I understand. My point, however, was that anyone who exports those things
> on purpose could just as easily copy the file, ftp it, email it, or
> whatever. Plugging a hole in the side of a boat doesn't help when the
> boat has no bottom.

No, the mod_roaming directory is 0750 and is owned by www-data.www-data. You _can't_ get to it without this method. Also I have several databases that are only accessible to the server with mode 640, and I know that .htpasswd files in the main web directory should also only be accessible with similar modes. These are protected files, and the admin expects other things to honor these modes. Without the suggested fix, it leaves the system vulnerable, and the admin has a false sense of security with his web server.

-- 
Ben Collins <[EMAIL PROTECTED]>
Debian GNU/Linux
UnixGroup Admin - Jordan Systems Inc.
[EMAIL PROTECTED]
The Choice of the GNU Generation