Re: Disallow other users from reading my $HOME



On Wed, Jan 6, 2010 at 4:29 PM, green <greenfreedom10@xxxxxxxxx> wrote:
Okay, I was assuming recursion because I have a ~/public_html and symlinks from
it to other files scattered in my $HOME and so a "chmod 700 $HOME" would just
break stuff.  Otherwise, just changing $HOME permissions is an excellent
solution.

Great point. "chmod 700 $HOME" would make ~/public_html to be not so
public, since, on a Debian box, apache runs under the www-data
account. :) So, if Mr. Cohen has such a configuration, he would need
to relocate his ~/public_html directory (along with all symlinked
scripts or binaries) to a public location that can be accessed by the
www-data account, and modify his apache configuration accordingly. I
have an account on freeshell.net that is configured like this:

[501]itsme@iceland:~$ ls -ld $HOME
drwx------ 16 itsme arpa 1024 Oct 21 18:39 /arpa/nl/i/itsme
[502]itsme@iceland:~$ ls -l html
lrwx------ 1 itsme arpa 16 Jan 26 2009 html -> /www/am/i/itsme
[503]itsme@iceland:~$ ls -ld /www/am/i/itsme
drwxr-x--x 4 itsme nobody 512 Oct 30 19:37 /www/am/i/itsme

This, to me, looks like the most elegant approach.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx