On Thu, Jan 07, 2010 at 08:09:49AM -0800, Bob McGowan wrote:
> Ken Teague wrote:
> >
> > [501]it...@iceland:~$ ls -ld $HOME
> > drwx------ 16 itsme arpa 1024 Oct 21 18:39 /arpa/nl/i/itsme
> > [502]it...@iceland:~$ ls -l html
> > lrwx------ 1 itsme arpa 16 Jan 26 2009 html -> /www/am/i/itsme
> > [503]it...@iceland:~$ ls -ld /www/am/i/itsme
> > drwxr-x--x 4 itsme nobody 512 Oct 30 19:37 /www/am/i/itsme
> >
> > This, to me, looks like the most elegant approach.
> >
>
> Actually, this is the sort of situation where a $HOME permission of 711
> would be useful. Disallowing wild card based access but if the full
> name is known, the file can be read (assuming it has the correct
> permissions, of course).
>
> You could even go so far as to set the group ownership of $HOME to the
> www-data group and set $HOME to be 710.

The way I have it set up is $HOME has rwxr-x--x, public_html has
rwxr-s--- chgrp'd to www-data. Most of my files are rw-------, except
where group read is required; files that fall into that category are
usually located in other directories with relevant permissions set up.
I suppose by now we should really be using ACLs though.

Cheers,
Tom
--
You may be right, I may be crazy,
But it just may be a lunatic you're looking for!
-- Billy Joel

