[sllug-members]: HTTP Directory Permissions Best Practices
Andrew Johnson
tehlaser at gmail.com
Wed Sep 20 11:15:26 MDT 2006
Weird. Never knew plain ol' unix file permissions had a deny option.
Might be useful someday, but I'm usually a default-deny kind of person
anyway.
I'm still interested in why Lamont calls it "not safe" though.
On 9/20/06, Jeff Schroeder <jeff at zingstudios.net> wrote:
> Andrew asked:
>
> > If a user is a member of a file's group that has
> > no group permissions, but the file has wide open "other" access,
> > should the user be able to access the file?
>
> Not at all. The permissions are user+group+world, and "world" means
> "not in this group". In other words, if I'm user "jeff" in group
> "users", and my directory is chmod 705, then I can see it and write to
> it (I have rwx permission), and anyone NOT in the "users" group can see
> it (with r-x permission). In the example I gave, Apache is in the
> "nobody" group so it can see the web files. No other users (who are
> all in the "users" group) can see them.
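
The access check discussed in this thread, as an added example that is not part of the original messages: a small Python model of how the kernel picks exactly one of the owner/group/other triplets and checks only that one. The UIDs, GIDs and function names are constructed for illustration; superuser override and POSIX ACLs are not modelled.

```python
import stat

R, W, X = 4, 2, 1  # permission bits within one rwx triplet


def select_class(uid, gids, st_uid, st_gid):
    """Return which triplet is consulted: the first match wins."""
    if uid == st_uid:
        return "owner"
    if st_gid in gids:
        return "group"
    return "other"


def may_access(uid, gids, st_uid, st_gid, mode, want):
    """True if every bit in `want` is set in the one selected triplet.

    Only that triplet is checked; there is no fall-through to "other",
    which is why an empty group triplet acts as a deny for group members.
    """
    cls = select_class(uid, gids, st_uid, st_gid)
    shift = {"owner": 6, "group": 3, "other": 0}[cls]
    triplet = (stat.S_IMODE(mode) >> shift) & 0o7
    return triplet & want == want


# Constructed IDs for the thread's scenario (assumptions, not from the posts)
JEFF, OTHER_USER, APACHE = 1000, 1001, 99
USERS, NOBODY = 100, 99


def scenario(mode=0o705):
    """Directory owned by jeff:users, with the mode given in the thread."""
    owner_group_mode = (JEFF, USERS, mode)
    return {
        "jeff": may_access(JEFF, {USERS}, *owner_group_mode, R | W | X),
        "other_user_in_users": may_access(OTHER_USER, {USERS}, *owner_group_mode, R | X),
        "apache_in_nobody": may_access(APACHE, {NOBODY}, *owner_group_mode, R | X),
    }


if __name__ == "__main__":
    for who, ok in scenario().items():
        print(f"{who:22} {'allowed' if ok else 'denied'}")
```
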