Re: Disallow other users from reading my $HOME

2010-01-18 Thread Dotan Cohen
2010/1/10 Andrei Popescu andreimpope...@gmail.com: On Fri,08.Jan.10, 22:57:50, green wrote: I would consider Samba to be more secure (other thoughts anyone?); I feel cautious about giving someone a network-accessible shell. Samba will limit access to a specific folder. There are various

Re: Disallow other users from reading my $HOME

2010-01-18 Thread Andrei Popescu
On Mon,18.Jan.10, 14:31:59, Dotan Cohen wrote: There are various ways to limit access to sftp only if an additional server is not desired and speed is not an issue. Speed is an issue (transferring gigs), but if it is not excessively slow then we could live with it. What are the various

Re: Disallow other users from reading my $HOME

2010-01-09 Thread Andrei Popescu
On Wed,06.Jan.10, 15:11:17, Bob McGowan wrote: And 700 is not excessively paranoid. Since anyone can belong to a group, it is possible for the personal group to have other names added to it. Using 700 guarantees they have no access, if this should happen. Only root can do that and if you

Re: Disallow other users from reading my $HOME

2010-01-09 Thread Andrei Popescu
On Fri,08.Jan.10, 22:57:50, green wrote: I would consider Samba to be more secure (other thoughts anyone?); I feel cautious about giving someone a network-accessible shell. Samba will limit access to a specific folder. There are various ways to limit access to sftp only if an additional

Re: Disallow other users from reading my $HOME

2010-01-08 Thread Jon Dowland
On Thu, Jan 07, 2010 at 10:24:27PM +, Roger Leigh wrote: One could just give execute perm to ~ and maybe additionally read as well to ~/public_html? Exactly right. The read to ~/public_html is not necessary if you have +x and a suitable index file underneath which is readable, but it

Re: Disallow other users from reading my $HOME

2010-01-08 Thread Alex Samad
On Fri, Jan 08, 2010 at 09:50:42AM +, Jon Dowland wrote: On Thu, Jan 07, 2010 at 10:24:27PM +, Roger Leigh wrote: One could just give execute perm to ~ and maybe additionally read as well to ~/public_html? Exactly right. The read to ~/public_html is not necessary if you have +x

Re: Disallow other users from reading my $HOME

2010-01-08 Thread Dotan Cohen
In addition to using chmod as suggested by others, for securing your files, why not try using encfs on directories that you *really* want to protect from prying eyes? The added bonus is even root cannot see those files and booting off a cd also will not let others look at your files. Thanks

Re: Disallow other users from reading my $HOME

2010-01-08 Thread green
Dotan Cohen wrote at 2010-01-08 15:52 -0600: In addition to using chmod as suggested by others, for securing your files, why not try using encfs on directories that you *really* want to protect from prying eyes? The added bonus is even root cannot see those files and booting off a cd also

Re: Disallow other users from reading my $HOME

2010-01-08 Thread Dotan Cohen
Have you considered Samba?  I think you can set up a password-protected or public share without adding a user to the system. Does that work over wifi? I figured that I would just give him the password to the already-existing guest user on this system and let him SSH in. He can figure out what

Re: Disallow other users from reading my $HOME

2010-01-08 Thread green
Dotan Cohen wrote at 2010-01-08 16:58 -0600: Have you considered Samba?  I think you can set up a password-protected or public share without adding a user to the system. Does that work over wifi? Certainly. If your computer is on the same network as his (both connected to the same access

Re: Disallow other users from reading my $HOME

2010-01-07 Thread Bob McGowan
Ken Teague wrote: On Wed, Jan 6, 2010 at 4:29 PM, green greenfreedo...@gmail.com wrote: Okay, I was assuming recursion because I have a ~/public_html and symlinks from it to other files scattered in my $HOME and so a chmod 700 $HOME would just break stuff. Otherwise, just changing $HOME

Re: Disallow other users from reading my $HOME

2010-01-07 Thread Roger Leigh
On Thu, Jan 07, 2010 at 08:09:49AM -0800, Bob McGowan wrote: Ken Teague wrote: On Wed, Jan 6, 2010 at 4:29 PM, green greenfreedo...@gmail.com wrote: Okay, I was assuming recursion because I have a ~/public_html and symlinks from it to other files scattered in my $HOME and so a chmod 700

Re: Disallow other users from reading my $HOME

2010-01-07 Thread Tom Furie
On Thu, Jan 07, 2010 at 08:09:49AM -0800, Bob McGowan wrote: Ken Teague wrote: [501]it...@iceland:~$ ls -ld $HOME drwx------ 16 itsme arpa 1024 Oct 21 18:39 /arpa/nl/i/itsme [502]it...@iceland:~$ ls -l html lrwx------ 1 itsme arpa 16 Jan 26 2009 html -> /www/am/i/itsme

Re: Disallow other users from reading my $HOME

2010-01-07 Thread Alex Samad
On Thu, Jan 07, 2010 at 06:54:12PM +, Tom Furie wrote: On Thu, Jan 07, 2010 at 08:09:49AM -0800, Bob McGowan wrote: Ken Teague wrote: [snip] The way I have it set up is $HOME has rwxr-x--x, public_html has rwxr-s--- chgrp'd to www-data. Most of my files are rw-------, except where

Re: Disallow other users from reading my $HOME

2010-01-07 Thread Joey Hess
Roger Leigh wrote: % setfacl -m g:www-data:rx ~ ~/public_html Many web servers are configured to run user-supplied CGI scripts as www-data, so this approach is not particularly secure. -- see shy jo

Re: Disallow other users from reading my $HOME

2010-01-07 Thread Roger Leigh
On Thu, Jan 07, 2010 at 04:19:14PM -0500, Joey Hess wrote: Roger Leigh wrote: % setfacl -m g:www-data:rx ~ ~/public_html Many web servers are configured to run user-supplied CGI scripts as www-data, so this approach is not particularly secure. I have not much experience of running web

Re: Disallow other users from reading my $HOME

2010-01-07 Thread Sridhar M.A.
On Wed, Jan 06, 2010 at 11:16:16PM +0200, Dotan Cohen wrote: What are good permissions to use for one's home directory so that other users on the system could not read or otherwise access my files? Is 700 too paranoid? Should it be 755 like I see so many times? Will I have problems

Disallow other users from reading my $HOME

2010-01-06 Thread Dotan Cohen
What are good permissions to use for one's home directory so that other users on the system could not read or otherwise access my files? Is 700 too paranoid? Should it be 755 like I see so many times? Will I have problems with 750? Thanks in advance for ideas. -- Dotan Cohen

Re: Disallow other users from reading my $HOME

2010-01-06 Thread Ken Teague
On Wed, Jan 6, 2010 at 1:16 PM, Dotan Cohen dotanco...@gmail.com wrote: What are good permissions to use for one's home directory so that other users on the system could not read or otherwise access my files? Is 700 too paranoid? Should it be 755 like I see so many times? Will I have problems

Re: Disallow other users from reading my $HOME

2010-01-06 Thread green
Dotan Cohen wrote at 2010-01-06 15:16 -0600: What are good permissions to use for one's home directory so that other users on the system could not read or otherwise access my files? Is 700 too paranoid? Should it be 755 like I see so many times? Will I have problems with 750? For files that

Re: Disallow other users from reading my $HOME

2010-01-06 Thread Ken Teague
On Wed, Jan 6, 2010 at 1:30 PM, green greenfreedo...@gmail.com wrote: For files that already exist, I would use u=rwX,g=rX,o= I do not know how that translates to the number. Note that will leave execution bits on non-directory files that already have them for some user. I use umask 0027

Re: Disallow other users from reading my $HOME

2010-01-06 Thread green
Ken Teague wrote at 2010-01-06 15:59 -0600: On Wed, Jan 6, 2010 at 1:30 PM, green greenfreedo...@gmail.com wrote: For files that already exist, I would use u=rwX,g=rX,o= I do not know how that translates to the number. Note that will leave execution bits on non-directory files that

Re: Disallow other users from reading my $HOME

2010-01-06 Thread Jochen Schulz
Ken Teague: In his original e-mail, Mr. Cohen is looking for permissions so that other users can not read or access his data. Correct me if I'm wrong, but that pretty much leaves us with mode 700, umask 077. Correct me if I am wrong, but for files created inside $HOME, the umask doesn't

Re: Disallow other users from reading my $HOME

2010-01-06 Thread Bob McGowan
Jochen Schulz wrote: Ken Teague: In his original e-mail, Mr. Cohen is looking for permissions so that other users can not read or access his data. Correct me if I'm wrong, but that pretty much leaves us with mode 700, umask 077. Correct me if I am wrong, but for files created inside $HOME,

Re: Disallow other users from reading my $HOME

2010-01-06 Thread Ken Teague
On Wed, Jan 6, 2010 at 2:40 PM, green greenfreedo...@gmail.com wrote: But he probably doesn't want all his files marked as executable. chmod 700 $HOME will change only the home directory permissions, which excludes all files that are currently present. it...@testbox:~ ls -ld $HOME drwx------ 19

Re: Disallow other users from reading my $HOME

2010-01-06 Thread green
Ken Teague wrote at 2010-01-06 18:05 -0600: On Wed, Jan 6, 2010 at 2:40 PM, green greenfreedo...@gmail.com wrote: But he probably doesn't want all his files marked as executable. chmod 700 $HOME will change only the home directory permissions, which excludes all files that are currently

Re: Disallow other users from reading my $HOME

2010-01-06 Thread Ken Teague
On Wed, Jan 6, 2010 at 4:29 PM, green greenfreedo...@gmail.com wrote: Okay, I was assuming recursion because I have a ~/public_html and symlinks from it to other files scattered in my $HOME and so a chmod 700 $HOME would just break stuff.  Otherwise, just changing $HOME permissions is an

Re: Disallow other users from reading my $HOME

2010-01-06 Thread Dotan Cohen
Thanks, all, there is no ~/public_html directory on this desktop system. I will simply chmod 700 $HOME. Thanks! -- Dotan Cohen http://what-is-what.com http://gibberish.co.il