Re: Disallow other users from reading my $HOME



On Wed, Jan 6, 2010 at 4:29 PM, green <greenfreedom10@xxxxxxxxx> wrote:
> Okay, I was assuming recursion because I have a ~/public_html and symlinks from
> it to other files scattered in my $HOME and so a "chmod 700 $HOME" would just
> break stuff.  Otherwise, just changing $HOME permissions is an excellent
> solution.

Great point. "chmod 700 $HOME" would make ~/public_html not so
public, since, on a Debian box, Apache runs under the www-data
account. :) So, if Mr. Cohen has such a configuration, he would need
to relocate his ~/public_html directory (along with all symlinked
scripts or binaries) to a public location that can be accessed by the
www-data account, and modify his Apache configuration accordingly. I
have an account on freeshell.net that is configured like this:

[501]itsme@iceland:~$ ls -ld $HOME
drwx------ 16 itsme arpa 1024 Oct 21 18:39 /arpa/nl/i/itsme
[502]itsme@iceland:~$ ls -l html
lrwx------ 1 itsme arpa 16 Jan 26 2009 html -> /www/am/i/itsme
[503]itsme@iceland:~$ ls -ld /www/am/i/itsme
drwxr-x--x 4 itsme nobody 512 Oct 30 19:37 /www/am/i/itsme

This, to me, looks like the most elegant approach.


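The layout in the listing above can be checked mechanically. This added example (not part of the original post) rebuilds it in a temporary directory and tests every path component for the "other" search bit, which is what an unrelated account such as www-data needs in order to reach a directory. The function names, the constructed directory tree and the use of GNU stat are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (as on Debian).
# Only classic mode bits are inspected; POSIX ACLs are not considered.

# other_can_traverse DIR [STOP]
# Succeeds if DIR and every ancestor below STOP (default /) carries the
# "other" execute (search) bit. Prints the first blocking directory otherwise.
other_can_traverse() {
    p=$(cd "$1" && pwd -P) || return 2
    stop=$(cd "${2:-/}" && pwd -P) || return 2
    while [ "$p" != "$stop" ]; do
        mode=$(stat -c '%a' "$p") || return 2
        case "$mode" in
            *[1357]) ;;   # last octal digit odd: o+x is set
            *) echo "blocked at $p (mode $mode)"; return 1 ;;
        esac
        [ "$p" = "/" ] && break   # STOP was not an ancestor; do not loop forever
        p=$(dirname "$p")
    done
    return 0
}

# demo_layout: build a constructed copy of the two layouts from the thread
# and print its root. "user" stands in for the account name.
demo_layout() {
    root=$(cd "$(mktemp -d)" && pwd -P) || return 2
    mkdir -p "$root/home/user/public_html" "$root/www/user"
    chmod 755 "$root/home" "$root/www" "$root/home/user/public_html"
    chmod 700 "$root/home/user"   # private $HOME (drwx------)
    chmod 751 "$root/www/user"    # relocated web dir (drwxr-x--x)
    # Owner's convenience link, like "html -> /www/am/i/itsme" in the listing
    ln -s "$root/www/user" "$root/home/user/html"
    echo "$root"
}

# Demonstration on the constructed tree
root=$(demo_layout)
other_can_traverse "$root/home/user/public_html" "$root" || true
other_can_traverse "$root/www/user" "$root" && echo "reachable: $root/www/user"
rm -rf "$root"
```

The first call reports the 700 home directory as the blocking component even though public_html itself is 755; the second succeeds because nothing on the path to the relocated directory withholds the search bit.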


