[lug] sudoers limitations?
Bear Giles
bgiles at coyotesong.com
Sun Jul 3 10:16:08 MDT 2005
I would use mode 701. 705 allows everyone to list the contents of
the directory, 701 prevents directory listings but still allows
any file to be read if the person knows the exact filename. It
also allows listing subdirectories.
All of this begs the question - why not put everyone into the
www-data group and use directory mode 710, umask 077. Only users
in the www-data group - not everyone - could look into the home
directory, and even then files and directories would only be
visible if they were explicitly chgrp'd into the www-data group.
The downside would be that users would have to explicitly chgrp
every file in their www directory. Is it possible to change the
umask for an individual subdirectory?
Bear
More information about the LUG
mailing list