Re: [Sheflug] Web server Miracles

[Ashe Tyrael <ashe [at] xxxxxxxxxxxxxxxxxx>]

On Thursday 15 Jan 2004 10:16 am, Rob Keeling wrote:

> I will be setting the home directory permissions to user.nogroup, with user
> rxw, nogroup rx the web server is running as nogroup.
>
> This all seems to work, with students not being able to download (via ssh
> anyway) the source files of other users.

But can they read them on the machine? Thats the key point. Plusnet take a 
similar approach to their php platform, and theres a slight problem with 
people being able to read any passwords/etc stored in the php code. I suspect 
its not as important, because theyre less likely to be storing anything 
remotely sensitive, but it is something to watch for. 

Andrew H
-- 
"Never give a sucker an even break, espcially if he's a big, mean sucker."

___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.