Gabor Gombas wrote:
On Fri, Nov 17, 2006 at 07:43:20AM +0100, Olaf van der Spek wrote:
I guess that depends on what a user's definition of a directory being
readable means.
There is just one definition for that: whether open(...,
O_RDONLY|O_DIRECTORY) succeeds or not.
Sounds like the wrong definition.
And it sounds a lot like security by obscurity.
No, you just need a basic understanding of UNIX permissions to make use
of it.
So what is the purpose of using 751 (besides security through obscurity)?
Consider the case where a user wants an easy way to ensure that none of
the files in his home directory are world-readable.
The easy way is "chmod -R o-r $HOME".
If you really-really want to accomodate dumb users who has no idea of
UNIX permissions, then
- move public_html out of /home (we used a /public hierarchy mirroring
the layout of /home)
Is a Debian system required to use Apache with user dirs?
On the other hand, power users quickly got accustomed to using ACLs when
they wanted to make their home directories visible by just their friends
only or they wanted public_html only accessible through the web but not
through the filesystem (think passowrd-protected files).
That doesn't sound right either.
With PHP you can easily read those files from another user/vhost if
they're world-readable.
--
Olaf van der Spek
http://xccu.sf.net/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
