Re: Disallow other users from reading my $HOME

2010-01-18 Thread Andrei Popescu
On Mon,18.Jan.10, 14:31:59, Dotan Cohen wrote: > > There are various ways to limit access to sftp only if an additional > > server is not desired and speed is not an issue. > > Speed is an issue (transferring gigs), but if it is not excessively > slow then we could live with it. What are the vario

Re: Disallow other users from reading my $HOME

2010-01-18 Thread Dotan Cohen
2010/1/10 Andrei Popescu: > On Fri,08.Jan.10, 22:57:50, green wrote: >> >> I would consider Samba to be more secure (other thoughts anyone?); I feel >> cautious about giving someone a network-accessible shell. >> >> Samba will limit access to a specific folder. > > There are various ways to limit

Re: Disallow other users from reading my $HOME

2010-01-09 Thread Andrei Popescu
On Fri,08.Jan.10, 22:57:50, green wrote: > > I would consider Samba to be more secure (other thoughts anyone?); I feel > cautious about giving someone a network-accessible shell. > > Samba will limit access to a specific folder. There are various ways to limit access to sftp only if an addition

Re: Disallow other users from reading my $HOME

2010-01-09 Thread Andrei Popescu
On Wed,06.Jan.10, 15:11:17, Bob McGowan wrote: > And 700 is not excessively paranoid. Since anyone can belong to a > group, it is possible for the "personal" group to have other names added > to it. Using 700 guarantees they have no access, if this should happen. Only root can do that and if y

Re: Disallow other users from reading my $HOME

2010-01-08 Thread green
Dotan Cohen wrote at 2010-01-08 16:58 -0600: > > Have you considered Samba?  I think you can set up a password-protected or > > public share without adding a user to the system. > > Does that work over wifi? Certainly. If your computer is on the same network as his (both connected to the same a

Re: Disallow other users from reading my $HOME

2010-01-08 Thread Dotan Cohen
> Have you considered Samba?  I think you can set up a password-protected or > public share without adding a user to the system. > Does that work over wifi? I figured that I would just give him the password to the already-existing "guest" user on this system and let him SSH in. He can figure out w

Re: Disallow other users from reading my $HOME

2010-01-08 Thread green
Dotan Cohen wrote at 2010-01-08 15:52 -0600: > > In addition to using chmod as suggested by others, for securing > > your files, why not try using encfs on directories that you *really* want > > to protect from prying eyes? The added bonus is even root cannot see > > those files and booting off a c

Re: Disallow other users from reading my $HOME

2010-01-08 Thread Dotan Cohen
> In addition to using chmod as suggested by others, for securing > your files, why not try using encfs on directories that you *really* want > to protect from prying eyes? The added bonus is even root cannot see > those files and booting off a cd also will not let others look at > your files. > T

Re: Disallow other users from reading my $HOME

2010-01-08 Thread Alex Samad
On Fri, Jan 08, 2010 at 09:50:42AM +, Jon Dowland wrote: > On Thu, Jan 07, 2010 at 10:24:27PM +, Roger Leigh wrote: > > One could just give execute perm to ~ and maybe additionally > > read as well to ~/public_html? > > Exactly right. The read to ~/public_html is not necessary if > you ha

Re: Disallow other users from reading my $HOME

2010-01-08 Thread Jon Dowland
On Thu, Jan 07, 2010 at 10:24:27PM +, Roger Leigh wrote: > One could just give execute perm to ~ and maybe additionally > read as well to ~/public_html? Exactly right. The read to ~/public_html is not necessary if you have +x and a suitable index file underneath which is readable, but it does

Re: Disallow other users from reading my $HOME

2010-01-07 Thread Sridhar M.A.
On Wed, Jan 06, 2010 at 11:16:16PM +0200, Dotan Cohen wrote: > What are good permissions to use for one's home directory so that > other users on the system could not read or otherwise access my files? > Is 700 too paranoid? Should it be 755 like I see so many times? Will I > have probl

Re: Disallow other users from reading my $HOME

2010-01-07 Thread Roger Leigh
On Thu, Jan 07, 2010 at 04:19:14PM -0500, Joey Hess wrote: > Roger Leigh wrote: > > % setfacl -m g:www-data:rx ~ ~/public_html > > Many web servers are configured to run user-supplied CGI scripts as > www-data, so this approach is not particularly secure. I have not much experience of running web

Re: Disallow other users from reading my $HOME

2010-01-07 Thread Joey Hess
Roger Leigh wrote: > % setfacl -m g:www-data:rx ~ ~/public_html Many web servers are configured to run user-supplied CGI scripts as www-data, so this approach is not particularly secure. -- see shy jo

Re: Disallow other users from reading my $HOME

2010-01-07 Thread Alex Samad
On Thu, Jan 07, 2010 at 06:54:12PM +, Tom Furie wrote: > On Thu, Jan 07, 2010 at 08:09:49AM -0800, Bob McGowan wrote: > > Ken Teague wrote: > > > [snip] > The way I have it set up is $HOME has rwxr-x--x, public_html has > rwxr-s--- chgrp'd to www-data. Most of my files are rw-------, except

Re: Disallow other users from reading my $HOME

2010-01-07 Thread Tom Furie
On Thu, Jan 07, 2010 at 08:09:49AM -0800, Bob McGowan wrote: > Ken Teague wrote: > > > > [501]it...@iceland:~$ ls -ld $HOME > > drwx------ 16 itsme arpa 1024 Oct 21 18:39 /arpa/nl/i/itsme > > [502]it...@iceland:~$ ls -l html > > lrwx------ 1 itsme arpa 16 Jan 26 2009 html -> /www/am/i/itsme

Re: Disallow other users from reading my $HOME

2010-01-07 Thread Roger Leigh
On Thu, Jan 07, 2010 at 08:09:49AM -0800, Bob McGowan wrote: > Ken Teague wrote: > > On Wed, Jan 6, 2010 at 4:29 PM, green wrote: > >> Okay, I was assuming recursion because I have a ~/public_html and symlinks > >> from > >> it to other files scattered in my $HOME and so a "chmod 700 $HOME" would

Re: Disallow other users from reading my $HOME

2010-01-07 Thread Bob McGowan
Ken Teague wrote: > On Wed, Jan 6, 2010 at 4:29 PM, green wrote: >> Okay, I was assuming recursion because I have a ~/public_html and symlinks >> from >> it to other files scattered in my $HOME and so a "chmod 700 $HOME" would just >> break stuff. Otherwise, just changing $HOME permissions is an

Re: Disallow other users from reading my $HOME

2010-01-06 Thread Dotan Cohen
Thanks, all, there is no ~/public_html directory on this desktop system. I will simply chmod 700 $HOME. Thanks! -- Dotan Cohen http://what-is-what.com http://gibberish.co.il

Re: Disallow other users from reading my $HOME

2010-01-06 Thread Ken Teague
On Wed, Jan 6, 2010 at 4:29 PM, green wrote: > Okay, I was assuming recursion because I have a ~/public_html and symlinks > from > it to other files scattered in my $HOME and so a "chmod 700 $HOME" would just > break stuff.  Otherwise, just changing $HOME permissions is an excellent > solution.

Re: Disallow other users from reading my $HOME

2010-01-06 Thread green
Ken Teague wrote at 2010-01-06 18:05 -0600: > On Wed, Jan 6, 2010 at 2:40 PM, green wrote: > > But he probably doesn't want all his files marked as executable. > > "chmod 700 $HOME" will change only the home directory permissions, > which excludes all files that are currently present. > > So I c

Re: Disallow other users from reading my $HOME

2010-01-06 Thread Ken Teague
On Wed, Jan 6, 2010 at 2:40 PM, green wrote: > But he probably doesn't want all his files marked as executable. "chmod 700 $HOME" will change only the home directory permissions, which excludes all files that are currently present. it...@testbox:~> ls -ld $HOME drwx------ 19 itsme users 4096 200

Re: Disallow other users from reading my $HOME

2010-01-06 Thread Bob McGowan
Jochen Schulz wrote: > Ken Teague: >> In his original e-mail, Mr. Cohen is looking for permissions so that other >> users can not read or access his data. Correct me if I'm wrong, but that >> pretty much leaves us with mode 700, umask 077. > > Correct me if I am wrong, but for files created insid

Re: Disallow other users from reading my $HOME

2010-01-06 Thread Jochen Schulz
Ken Teague: > > In his original e-mail, Mr. Cohen is looking for permissions so that other > users can not read or access his data. Correct me if I'm wrong, but that > pretty much leaves us with mode 700, umask 077. Correct me if I am wrong, but for files created inside $HOME, the umask doesn't

Re: Disallow other users from reading my $HOME

2010-01-06 Thread green
Ken Teague wrote at 2010-01-06 15:59 -0600: > On Wed, Jan 6, 2010 at 1:30 PM, green <greenfreedo...@gmail.com> wrote: > > For files that already exist, I would use > > u=rwX,g=rX,o= > > I do not know how that translates to the number. > > Note that will leave execution bits on non-directory fil

Re: Disallow other users from reading my $HOME

2010-01-06 Thread Ken Teague
On Wed, Jan 6, 2010 at 1:30 PM, green wrote: > For files that already exist, I would use > u=rwX,g=rX,o= > I do not know how that translates to the number. > Note that will leave execution bits on non-directory files that already > have > them for some user. > > I use umask 0027 so that new file

Re: Disallow other users from reading my $HOME

2010-01-06 Thread green
Dotan Cohen wrote at 2010-01-06 15:16 -0600: > What are good permissions to use for one's home directory so that > other users on the system could not read or otherwise access my files? > Is 700 too paranoid? Should it be 755 like I see so many times? Will I > have problems with 750? For files tha

Re: Disallow other users from reading my $HOME

2010-01-06 Thread Ken Teague
On Wed, Jan 6, 2010 at 1:16 PM, Dotan Cohen wrote: > What are good permissions to use for one's home directory so that > other users on the system could not read or otherwise access my files? > Is 700 too paranoid? Should it be 755 like I see so many times? Will I > have problems with 750? > If

Disallow other users from reading my $HOME

2010-01-06 Thread Dotan Cohen
What are good permissions to use for one's home directory so that other users on the system could not read or otherwise access my files? Is 700 too paranoid? Should it be 755 like I see so many times? Will I have problems with 750? Thanks in advance for ideas. -- Dotan Cohen http://what-is-wha