On Thu, Jan 07, 2010 at 04:19:14PM -0500, Joey Hess wrote:
> Roger Leigh wrote:
> > % setfacl -m g:www-data:rx ~ ~/public_html
> 
> Many web servers are configured to run user-supplied CGI scripts as
> www-data, so this approach is not particularly secure.

I have not much experience of running web servers; this was just
intended as an example.  However, I'm not sure why it's insecure
over the alternative of having it world readable?  What is the
actual minimal requirement for access by the web server?  Surely
it's representable in some form of ACL.

One could just give execute perm to ~ and maybe additionally
read as well to ~/public_html?


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
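
Added example, not part of the original message: a Python check of the layout proposed above (search permission only on ~, read plus search on ~/public_html), evaluated for a given web server uid and gid. The function names and the uid/gid arguments are assumptions, and only the classic mode bits are read; named ACL entries such as the one set with setfacl have to be inspected with getfacl.

```python
import os
import stat

# Assumption: the caller supplies the uid and gid set of the web server account.
def granted_bits(st, uid, gids):
    """rwx bits (0-7) the classic mode bits give uid/gids; ACLs not consulted."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def audit_docroot(home, docroot, uid, gids):
    """Return [(directory, 'rwx' string, verdict)] for home down to docroot."""
    home, docroot = os.path.realpath(home), os.path.realpath(docroot)
    if os.path.commonpath([home, docroot]) != home:
        raise ValueError("docroot must be inside home")
    rel = os.path.relpath(docroot, home)
    dirs = [home]
    for part in ([] if rel == "." else rel.split(os.sep)):
        dirs.append(os.path.join(dirs[-1], part))
    report = []
    for d in dirs:
        bits = granted_bits(os.stat(d), uid, gids)
        shown = "".join(c if bits & m else "-"
                        for c, m in (("r", 4), ("w", 2), ("x", 1)))
        if not bits & 1:
            verdict = "blocked: no search (x), server cannot reach files below"
        elif bits & 2:
            verdict = "excess: writable by the server account"
        elif bits & 4 and d != docroot:
            verdict = "excess: listable, x alone is enough to traverse"
        else:
            verdict = "ok"
        report.append((d, shown, verdict))
    return report

if __name__ == "__main__":
    import sys
    # Usage: script.py HOME DOCROOT UID GID  (uid/gid of the web server account)
    rows = audit_docroot(sys.argv[1], sys.argv[2],
                         int(sys.argv[3]), {int(sys.argv[4])})
    for row in rows:
        print("%-40s %s  %s" % row)
```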
