[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sheflug] Web server Miracles
On Thursday 15 Jan 2004 10:16 am, Rob Keeling wrote:
> I will be setting the home directory permissions to user.nogroup, with user
> rxw, nogroup rx the web server is running as nogroup.
>
> This all seems to work, with students not being able to download (via ssh
> anyway) the source files of other users.
But can they read them on the machine? Thats the key point. Plusnet take a
similar approach to their php platform, and theres a slight problem with
people being able to read any passwords/etc stored in the php code. I suspect
its not as important, because theyre less likely to be storing anything
remotely sensitive, but it is something to watch for.
Andrew H
--
"Never give a sucker an even break, espcially if he's a big, mean sucker."
___________________________________________________________________
Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html
GNU the choice of a complete generation.