[sllug-members]: HTTP Directory Permissions Best Practices
Andrew Johnson
tehlaser at gmail.com
Wed Sep 20 10:49:02 MDT 2006
> > My /home directory is chmod 705, which means it's writeable to me,
> > invisible to anyone else in the "users" group, and readable to Apache.
> > That's important because obviously Apache needs to be able to access
> > the files to serve them.
>
> Mode 705 is unnecessary and not safe.
What do you mean by "not safe"? I've never heard of using a mode with
more permissions on everyone than on group. I always assumed that if
the other byte is 7, the user and group bytes don't matter--that
everyone has access. If a user is a member of a file's group that has
no group permissions, but the file has wide open "other" access,
should the user be able to access the file?
A quick check seems to indicate that this does work, but can it be
counted on? Does it have to be the primary group, or just any group
the user happens to be a member of?
More information about the sllug-members
mailing list