Re: Disallow other users from reading my $HOME
2010/1/10 Andrei Popescu andreimpope...@gmail.com: On Fri,08.Jan.10, 22:57:50, green wrote: I would consider Samba to be more secure (other thoughts anyone?); I feel cautious about giving someone a network-accessible shell. Samba will limit access to a specific folder. There are various ways to limit access to sftp only if an additional server is not desired and speed is not an issue. Speed is an issue (transfering gigs), but if it is not excessively slow than we could live with it. What are the various ways? I have googled a bit, but found nothing better than a simple user account for him. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Disallow other users from reading my $HOME
On Mon,18.Jan.10, 14:31:59, Dotan Cohen wrote: There are various ways to limit access to sftp only if an additional server is not desired and speed is not an issue. Speed is an issue (transfering gigs), but if it is not excessively slow than we could live with it. What are the various ways? I have googled a bit, but found nothing better than a simple user account for him. I was thinking about scponly. Also the speed can be improved if you tune the encryption/compression options. Regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic signature.asc Description: Digital signature
Re: Disallow other users from reading my $HOME
On Wed,06.Jan.10, 15:11:17, Bob McGowan wrote: And 700 is not excessively paranoid. Since anyone can belong to a group, it is possible for the personal group to have other names added to it. Using 700 guarantees they have no access, if this should happen. Only root can do that and if you don't trust root on a system nothing will help. Regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic signature.asc Description: Digital signature
Re: Disallow other users from reading my $HOME
On Fri,08.Jan.10, 22:57:50, green wrote: I would consider Samba to be more secure (other thoughts anyone?); I feel cautious about giving someone a network-accessible shell. Samba will limit access to a specific folder. There are various ways to limit access to sftp only if an additional server is not desired and speed is not an issue. Regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic signature.asc Description: Digital signature
Re: Disallow other users from reading my $HOME
On Thu, Jan 07, 2010 at 10:24:27PM +, Roger Leigh wrote: Once could just give execute perm to ~ and maybe additionally read as well to ~/public_html? Exactly right. The read to ~/public_html is not necessary if you have +x and a suitable index file underneath which is readable, but it doesn't really hurt. (some people might not want their web directories 'indexable'. Those people will not want +r, but they will also want to turn of their web server's directory indexing feature too). -- Jon Dowland signature.asc Description: Digital signature
Re: Disallow other users from reading my $HOME
On Fri, Jan 08, 2010 at 09:50:42AM +, Jon Dowland wrote: On Thu, Jan 07, 2010 at 10:24:27PM +, Roger Leigh wrote: Once could just give execute perm to ~ and maybe additionally read as well to ~/public_html? Exactly right. The read to ~/public_html is not necessary if you have +x and a suitable index file underneath which is I believe the requirement for apache is it has to be able to read from / to the destination directory. I ran into trouble one time when I change / to 0.0 750 readable, but it doesn't really hurt. (some people might not want their web directories 'indexable'. Those people will not want +r, but they will also want to turn of their web server's directory indexing feature too). -- Let me put it to you bluntly. In a changing world, we want more people to have control over your own life. - George W. Bush 08/09/2004 Annandale, VA signature.asc Description: Digital signature
Re: Disallow other users from reading my $HOME
In addition to using chmod as suggested by others, for securing your files, why not try using encfs on directories that you *really* want to protect from prying eyes? The added bonus is even root cannot see those files and booting off a cd also will not let others look at your files. Thanks for the idea. I do not need that level of security, I just want to open another account on this machine so that my neighbour can send me pics of our daughters' joint birthday party over wifi! I like having the security that if some component of this machine breaks, I can mount the drive anywhere and recover the data. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Disallow other users from reading my $HOME
Dotan Cohen wrote at 2010-01-08 15:52 -0600: In addition to using chmod as suggested by others, for securing your files, why not try using encfs on directories that you *really* want to protect from prying eyes? The added bonus is even root cannot see those files and booting off a cd also will not let others look at your files. Thanks for the idea. I do not need that level of security, I just want to open another account on this machine so that my neighbour can send me pics of our daughters' joint birthday party over wifi! I like having the security that if some component of this machine breaks, I can mount the drive anywhere and recover the data. Have you considered Samba? I think you can set up a password-protected or public share without adding a user to the system. signature.asc Description: Digital signature
Re: Disallow other users from reading my $HOME
Have you considered Samba? I think you can set up a password-protected or public share without adding a user to the system. Does that work over wifi? I figured that I would just give him the password to the already-existing guest user on this system and let him SSH in. He can figure out what to do with Putty on his Windows machine, I'm sure. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Disallow other users from reading my $HOME
Dotan Cohen wrote at 2010-01-08 16:58 -0600: Have you considered Samba? I think you can set up a password-protected or public share without adding a user to the system. Does that work over wifi? Certainly. If your computer is on the same network as his (both connected to the same access point), Windows should list your computer in Network Places or somesuch. Or just use Map Network Drive and the address \\yourip\sharename. I figured that I would just give him the password to the already-existing guest user on this system and let him SSH in. He can figure out what to do with Putty on his Windows machine, I'm sure. I would consider Samba to be more secure (other thoughts anyone?); I feel cautious about giving someone a network-accessible shell. Samba will limit access to a specific folder. signature.asc Description: Digital signature
Re: Disallow other users from reading my $HOME
Ken Teague wrote: On Wed, Jan 6, 2010 at 4:29 PM, green greenfreedo...@gmail.com wrote: Okay, I was assuming recursion because I have a ~/public_html and symlinks from it to other files scattered in my $HOME and so a chmod 700 $HOME would just break stuff. Otherwise, just changing $HOME permissions is an excellent solution. Great point. chmod 700 $HOME would make ~/public_html to be not so public, since, on a Debian box, apache runs under the www-data account. :) So, if Mr. Cohen has such a configuration, he would need to relocate his ~/public_html directory (along with all symlinked scripts or binaries) to a public location that can be accessed by the www-data account, and modify his apache configuration accordingly. I have an account on freeshell.net that is configured like this: [501]it...@iceland:~$ ls -ld $HOME drwx-- 16 itsme arpa 1024 Oct 21 18:39 /arpa/nl/i/itsme [502]it...@iceland:~$ ls -l html lrwx-- 1 itsme arpa 16 Jan 26 2009 html - /www/am/i/itsme [503]it...@iceland:~$ ls -ld /www/am/i/itsme drwxr-x--x 4 itsme nobody 512 Oct 30 19:37 /www/am/i/itsme This, to me, looks like the most elegant approach. Actually, this is the sort of situation where a $HOME permission of 711 would be useful. Disallowing wild card based access but if the full name is known, the file can be read (assuming it has the correct permissions, of course). You could even go so far as to set the group ownership of $HOME to the www-data group and set $HOME to be 710. -- Bob McGowan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Disallow other users from reading my $HOME
On Thu, Jan 07, 2010 at 08:09:49AM -0800, Bob McGowan wrote: Ken Teague wrote: On Wed, Jan 6, 2010 at 4:29 PM, green greenfreedo...@gmail.com wrote: Okay, I was assuming recursion because I have a ~/public_html and symlinks from it to other files scattered in my $HOME and so a chmod 700 $HOME would just break stuff. Otherwise, just changing $HOME permissions is an excellent solution. Great point. chmod 700 $HOME would make ~/public_html to be not so public, since, on a Debian box, apache runs under the www-data account. :) So, if Mr. Cohen has such a configuration, he would need to relocate his ~/public_html directory (along with all symlinked scripts or binaries) to a public location that can be accessed by the www-data account, and modify his apache configuration accordingly. I have an account on freeshell.net that is configured like this: [501]it...@iceland:~$ ls -ld $HOME drwx-- 16 itsme arpa 1024 Oct 21 18:39 /arpa/nl/i/itsme [502]it...@iceland:~$ ls -l html lrwx-- 1 itsme arpa 16 Jan 26 2009 html - /www/am/i/itsme [503]it...@iceland:~$ ls -ld /www/am/i/itsme drwxr-x--x 4 itsme nobody 512 Oct 30 19:37 /www/am/i/itsme This, to me, looks like the most elegant approach. Actually, this is the sort of situation where a $HOME permission of 711 would be useful. Disallowing wild card based access but if the full name is known, the file can be read (assuming it has the correct permissions, of course). You could even go so far as to set the group ownership of $HOME to the www-data group and set $HOME to be 710. A cleaner alternative is to use ACLs (package acl): % setfacl -m g:www-data:rx ~ ~/public_html % getfacl ~ ~/public_html getfacl: Removing leading '/' from absolute path names # file: home/rleigh # owner: rleigh # group: rleigh user::rwx group::r-x group:www-data:r-x mask::r-x other::r-x # file: home/rleigh/public_html # owner: rleigh # group: rleigh user::rwx group::r-x group:www-data:r-x mask::r-x other::r-x Note, you'll need to enable ACL support on your filesystem, e.g. by running mount -o remount,acl /home and/or setting the acl option in /etc/fstab. Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `-GPG Public Key: 0x25BFB848 Please GPG sign your mail. signature.asc Description: Digital signature
Re: Disallow other users from reading my $HOME
On Thu, Jan 07, 2010 at 08:09:49AM -0800, Bob McGowan wrote: Ken Teague wrote: [501]it...@iceland:~$ ls -ld $HOME drwx-- 16 itsme arpa 1024 Oct 21 18:39 /arpa/nl/i/itsme [502]it...@iceland:~$ ls -l html lrwx-- 1 itsme arpa 16 Jan 26 2009 html - /www/am/i/itsme [503]it...@iceland:~$ ls -ld /www/am/i/itsme drwxr-x--x 4 itsme nobody 512 Oct 30 19:37 /www/am/i/itsme This, to me, looks like the most elegant approach. Actually, this is the sort of situation where a $HOME permission of 711 would be useful. Disallowing wild card based access but if the full name is known, the file can be read (assuming it has the correct permissions, of course). You could even go so far as to set the group ownership of $HOME to the www-data group and set $HOME to be 710. The way I have it set up is $HOME has rwxr-x--x, public_html has rwxr-s--- chgrp'd to www-data. Most of my files are rw---, except where group read is required, files that fall into that category are usually located in other directories with relevant permissions set up. I suppose by now we should really be using acl's though. Cheers, Tom -- You may be right, I may be crazy, But it just may be a lunatic you're looking for! -- Billy Joel signature.asc Description: Digital signature
Re: Disallow other users from reading my $HOME
On Thu, Jan 07, 2010 at 06:54:12PM +, Tom Furie wrote: On Thu, Jan 07, 2010 at 08:09:49AM -0800, Bob McGowan wrote: Ken Teague wrote: [snip] The way I have it set up is $HOME has rwxr-x--x, public_html has rwxr-s--- chgrp'd to www-data. Most of my files are rw---, except where group read is required, files that fall into that category are usually located in other directories with relevant permissions set up. I suppose by now we should really be using acl's though. Somebody else commented on ACL's. I wonder how many other people are using ACL's Cheers, Tom -- e-credibility: the non-guaranteeable likelihood that the electronic data you're seeing is genuine rather than somebody's made-up crap. -- Karl Lehenbauer signature.asc Description: Digital signature
Re: Disallow other users from reading my $HOME
Roger Leigh wrote: % setfacl -m g:www-data:rx ~ ~/public_html Many web servers are configured to run user-supplied CGI scripts as www-data, so this approach is not particularly secure. -- see shy jo signature.asc Description: Digital signature
Re: Disallow other users from reading my $HOME
On Thu, Jan 07, 2010 at 04:19:14PM -0500, Joey Hess wrote: Roger Leigh wrote: % setfacl -m g:www-data:rx ~ ~/public_html Many web servers are configured to run user-supplied CGI scripts as www-data, so this approach is not particularly secure. I have not much experience of running web servers; this was just intended as an example. However, I'm not sure why it's insecure over the alternative of having it world readable? What is the actual minimal requirement for access by the web server? Surely it's representable in some form of ACL. Once could just give execute perm to ~ and maybe additionally read as well to ~/public_html? Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `-GPG Public Key: 0x25BFB848 Please GPG sign your mail. signature.asc Description: Digital signature
Re: Disallow other users from reading my $HOME
On Wed, Jan 06, 2010 at 11:16:16PM +0200, Dotan Cohen wrote: What are good permissions to use for one's home directory so that other users on the system could not read or otherwise access my files? Is 700 too paranoid? Should it be 755 like I see so many times? Will I have problems with 750? In addition to using chmod as suggested by others, for securing your files, why not try using encfs on directories that you *really* want to protect from prying eyes? The added bonus is even root cannot see those files and booting off a cd also will not let others look at your files. Regards, -- Sridhar M.A. GPG KeyID : F6A35935 Fingerprint: D172 22C4 7CDC D9CD 62B5 55C1 2A69 D5D8 F6A3 5935 Sinners can repent, but stupid is forever. signature.asc Description: Digital signature
Disallow other users from reading my $HOME
What are good permissions to use for one's home directory so that other users on the system could not read or otherwise access my files? Is 700 too paranoid? Should it be 755 like I see so many times? Will I have problems with 750? Thanks in advance for ideas. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Disallow other users from reading my $HOME
On Wed, Jan 6, 2010 at 1:16 PM, Dotan Cohen dotanco...@gmail.com wrote: What are good permissions to use for one's home directory so that other users on the system could not read or otherwise access my files? Is 700 too paranoid? Should it be 755 like I see so many times? Will I have problems with 750? If you don't want others to have access to your home directory, use mode 700. Personally, I don't find it to be too paranoid, and prefer it that way.
Re: Disallow other users from reading my $HOME
Dotan Cohen wrote at 2010-01-06 15:16 -0600: What are good permissions to use for one's home directory so that other users on the system could not read or otherwise access my files? Is 700 too paranoid? Should it be 755 like I see so many times? Will I have problems with 750? For files that already exist, I would use u=rwX,g=rX,o= I do not know how that translates to the number. Note that will leave execution bits on non-directory files that already have them for some user. I use umask 0027 so that new files have permissions -rw-r-. signature.asc Description: Digital signature
Re: Disallow other users from reading my $HOME
On Wed, Jan 6, 2010 at 1:30 PM, green greenfreedo...@gmail.com wrote: For files that already exist, I would use u=rwX,g=rX,o= I do not know how that translates to the number. Note that will leave execution bits on non-directory files that already have them for some user. I use umask 0027 so that new files have permissions -rw-r-. In his original e-mail, Mr. Cohen is looking for permissions so that other users can not read or access his data. Correct me if I'm wrong, but that pretty much leaves us with mode 700, umask 077.
Re: Disallow other users from reading my $HOME
Ken Teague wrote at 2010-01-06 15:59 -0600: On Wed, Jan 6, 2010 at 1:30 PM, green [1]greenfreedo...@gmail.com wrote: For files that already exist, I would use u=rwX,g=rX,o= I do not know how that translates to the number. Note that will leave execution bits on non-directory files that already have them for some user. I use umask 0027 so that new files have permissions -rw-r-. In his original e-mail, Mr. Cohen is looking for permissions so that other users can not read or access his data. Correct me if I'm wrong, but that pretty much leaves us with mode 700, umask 077. Hmm, you are correct. I carelessly assumed that (1) any files owned by groups other than his personal group (owned by other than user:user), and (2) any users in his personal group, were that way for a reason. But he probably doesn't want all his files marked as executable. $ umask 0077 $ touch abc $ ls -lh abc -rw--- 1 user user 0 2010-01-06 16:36 abc $ chmod 700 abc $ ls -lh abc -rwx-- 1 user user 0 2010-01-06 16:36 abc So I change my suggestion to u=rwX,g=,o= Is that possible with numeric form (the execute bit)? signature.asc Description: Digital signature
Re: Disallow other users from reading my $HOME
Ken Teague: In his original e-mail, Mr. Cohen is looking for permissions so that other users can not read or access his data. Correct me if I'm wrong, but that pretty much leaves us with mode 700, umask 077. Correct me if I am wrong, but for files created inside $HOME, the umask doesn't matter if $HOME itself has mode 700. J. -- I am on the payroll of a company to whom I owe my undying gratitude. [Agree] [Disagree] http://www.slowlydownward.com/NODATA/data_enter2.html signature.asc Description: Digital signature
Re: Disallow other users from reading my $HOME
Jochen Schulz wrote: Ken Teague: In his original e-mail, Mr. Cohen is looking for permissions so that other users can not read or access his data. Correct me if I'm wrong, but that pretty much leaves us with mode 700, umask 077. Correct me if I am wrong, but for files created inside $HOME, the umask doesn't matter if $HOME itself has mode 700. J. That's correct. With a home directory of 700, no one except the owner can find any files, be they directories, links, files, etc., under the home. Period. Doesn't matter what the permissions are, they can't be found. And 700 is not excessively paranoid. Since anyone can belong to a group, it is possible for the personal group to have other names added to it. Using 700 guarantees they have no access, if this should happen. An alternative setting I've sometimes used is 711. This allows the owner to send someone the full, spelled out, path to a file, and they can get it, but nothing else. Setting things this way could be useful, for sharing only what needs to be shared, with one caveat: experienced users know the full path for hidden configuration files/directories, so they would all need to change to 600 (files) or 700 (directories) to be sure they can't be compromised in some way. -- Bob McGowan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Disallow other users from reading my $HOME
On Wed, Jan 6, 2010 at 2:40 PM, green greenfreedo...@gmail.com wrote: But he probably doesn't want all his files marked as executable. chmod 700 $HOME will change only the home directory permissions, which excludes all files that are currently present. it...@testbox:~ ls -ld $HOME drwx-- 19 itsme users 4096 2009-10-13 21:38 /home/itsme it...@testbox:~ ls -l $HOME total 4512 drwx-- 2 itsme users4096 2009-03-25 18:56 Desktop -rwxr-xr-x 1 itsme users 541 2009-10-13 20:58 freespace.pl -rw-r--r-- 1 itsme users9214 2009-07-20 19:05 stat.txt drwxr-xr-x 3 itsme users 45 2009-11-18 14:55 tmp -rw-r--r-- 1 itsme users 210964 2009-02-18 21:26 VRTSralusPatch.tar.gz -rw-r--r-- 1 itsme users 19539 2009-07-16 18:10 xmacro-pre0.3-2911.tar.gz -rw-r--r-- 1 itsme users 4362344 2009-07-16 18:10 xnee-3.03.tar.gz it...@testbox:~ su - Password: testbox:~ # su - otheruser testbox /home/otheruser grep users /etc/group users:x:100:otheruser testbox /home/otheruser less /home/itsme/freespace.pl /home/itsme/freespace.pl: Permission denied $ umask 0077 $ touch abc $ ls -lh abc -rw--- 1 user user 0 2010-01-06 16:36 abc umask 0077 will do exactly as you've shown. It will ensure all future files will be mode 600. If a file needs the execute bit, it should be set manually. Files that are included in an archive with the execute bit set will retain it upon expanding the archive. testbox /home/otheruser exit logout testbox:~ # exit logout it...@testbox:~ umask 0077 it...@testbox:~ touch myscript.pl it...@testbox:~ ls -l myscript.pl -rw--- 1 itsme users 0 2010-01-06 18:41 myscript.pl it...@testbox:~ chmod 700 myscript.pl it...@testbox:~ ls -l myscript.pl -rwx-- 1 itsme users 0 2010-01-06 18:41 myscript.pl it...@testbox:~ tar cvjf myscript.pl.tar.bz2 myscript.pl myscript.pl it...@testbox:~ ls -l mys* -rwx-- 1 itsme users 0 2010-01-06 18:41 myscript.pl -rw--- 1 itsme users 128 2010-01-06 18:42 myscript.pl.tar.bz2 it...@testbox:~ rm myscript.pl it...@testbox:~ tar xvjf myscript.pl.tar.bz2 myscript.pl it...@testbox:~ ls -l myscript.pl -rwx-- 1 itsme users 0 2010-01-06 18:41 myscript.pl If you really want to be paranoid, you could set umask to 0277 so that all files are mode 400. So I change my suggestion to u=rwX,g=,o= This is an answer more suited to meet the needs of Mr. Cohen, but X is normally intended to be used with -R (recursive) so that all files that currently contain an execute bit retain that bit, and those that don't are not set to contain the execute bit. I'd simply use chmod 700 $HOME and call it a day. Is that possible with numeric form (the execute bit)? Not from my research. If anyone knows, please share. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Disallow other users from reading my $HOME
Ken Teague wrote at 2010-01-06 18:05 -0600: On Wed, Jan 6, 2010 at 2:40 PM, green greenfreedo...@gmail.com wrote: But he probably doesn't want all his files marked as executable. chmod 700 $HOME will change only the home directory permissions, which excludes all files that are currently present. So I change my suggestion to u=rwX,g=,o= This is an answer more suited to meet the needs of Mr. Cohen, but X is normally intended to be used with -R (recursive) so that all files that currently contain an execute bit retain that bit, and those that don't are not set to contain the execute bit. I'd simply use chmod 700 $HOME and call it a day. Okay, I was assuming recursion because I have a ~/public_html and symlinks from it to other files scattered in my $HOME and so a chmod 700 $HOME would just break stuff. Otherwise, just changing $HOME permissions is an excellent solution. signature.asc Description: Digital signature
Re: Disallow other users from reading my $HOME
On Wed, Jan 6, 2010 at 4:29 PM, green greenfreedo...@gmail.com wrote: Okay, I was assuming recursion because I have a ~/public_html and symlinks from it to other files scattered in my $HOME and so a chmod 700 $HOME would just break stuff. Otherwise, just changing $HOME permissions is an excellent solution. Great point. chmod 700 $HOME would make ~/public_html to be not so public, since, on a Debian box, apache runs under the www-data account. :) So, if Mr. Cohen has such a configuration, he would need to relocate his ~/public_html directory (along with all symlinked scripts or binaries) to a public location that can be accessed by the www-data account, and modify his apache configuration accordingly. I have an account on freeshell.net that is configured like this: [501]it...@iceland:~$ ls -ld $HOME drwx-- 16 itsme arpa 1024 Oct 21 18:39 /arpa/nl/i/itsme [502]it...@iceland:~$ ls -l html lrwx-- 1 itsme arpa 16 Jan 26 2009 html - /www/am/i/itsme [503]it...@iceland:~$ ls -ld /www/am/i/itsme drwxr-x--x 4 itsme nobody 512 Oct 30 19:37 /www/am/i/itsme This, to me, looks like the most elegant approach. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Disallow other users from reading my $HOME
Thanks, all, there is no ~/public_html directory on this desktop system. I will simply chmod 700 $HOME. Thanks! -- Dotan Cohen http://what-is-what.com http://gibberish.co.il -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org