Lewis Thompson wrote:
> On Wed, May 11, 2005 at 03:15:40PM -0400, Chuck Swiger wrote:
>> If you "mkdir private && chmod 700 private", any files created under private will be safely[1] hidden away from anyone else but you, regardless of their permissions or what your umask is.
>
> Ah, okay. A slightly bad example. How about 0711 (now a home directory, say /home/lewiz). I would like to have a public_html directory that is generally accessible.

Um. Don't put stuff which you want to be private in a public_html directory.

> Since /home/lewiz is now executable is it not possible for somebody to
> do, say, cat /home/lewiz/.cshrc?  They know the file is there (but can't
> use ls to see it) so can access it.

Sure, modulo the permissions on .cshrc itself. If you don't want them to, give that file 600 perms. The Unix octal permissions bits work just fine for almost all reasonable cases, but no default is ever going to suit all possible variations of intent.


If you want to control access to something, set the access you want explicitly, do not hope that the system defaults will guess what you want. (DWIM is a horrible idea in general, and is an even worse idea for security.)

Anyway, if you do want to do something more complex, look to UFS2 and POSIX ACLs.

--
-Chuck

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
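
Added example (not part of the original thread): a small audit of the case discussed above, a directory that is 0711 with files of different modes inside it. It judges access for "other" users from the classic mode bits only; it assumes no ACLs, does not check parent directories, and the file names .cshrc and .netrc and the temporary directory are constructed for the demonstration.

```python
import os
import stat
import tempfile


def audit(directory):
    """Report what "other" users can do here, judged from mode bits alone."""
    dmode = stat.S_IMODE(os.lstat(directory).st_mode)
    report = {
        "mode": format(dmode, "04o"),
        "listable": bool(dmode & stat.S_IROTH),    # r: ls can show names
        "searchable": bool(dmode & stat.S_IXOTH),  # x: known names can be opened
        "readable_by_name": [],
    }
    if not report["searchable"]:
        return report  # without x on the directory, file modes inside do not matter
    for name in sorted(os.listdir(directory)):
        mode = os.lstat(os.path.join(directory, name)).st_mode
        if stat.S_ISREG(mode) and mode & stat.S_IROTH:
            report["readable_by_name"].append(name)
    return report


def demo():
    """Build a constructed home directory and audit it in three states."""
    with tempfile.TemporaryDirectory() as home:
        for name, mode in ((".cshrc", 0o644), (".netrc", 0o600)):
            path = os.path.join(home, name)
            with open(path, "w") as fh:
                fh.write("# constructed sample file\n")
            os.chmod(path, mode)  # set explicitly, so the umask plays no part
        os.chmod(home, 0o711)
        traversable = audit(home)   # 0711 directory, .cshrc still 0644
        os.chmod(os.path.join(home, ".cshrc"), 0o600)
        fixed = audit(home)         # 0711 directory, .cshrc now 0600
        os.chmod(os.path.join(home, ".cshrc"), 0o644)
        os.chmod(home, 0o700)
        private = audit(home)       # 0700 directory, .cshrc back to 0644
    return traversable, fixed, private


if __name__ == "__main__":
    for state in demo():
        print(state)
```

Run against a real home directory, audit() lists the files that need an explicit chmod 600 if they are meant to stay private.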