[X-Unix] Stupid Mac OS X question (?)

Wed Feb 11 14:09:45 PST 2004

On Wed, Feb 11, 2004 at 12:12:35AM -0600, Albert Lunde wrote:

> >Or maybe just a stupid idea. Is there anything wrong with doing this:
> >
> >   sudo chmod -R go-rwx ~/*
> >
> >I.e. I want to block out access of others to everything in my home
> >folder, but will doing this break anything in the system? Are there
> >files that must be readable by group and/or other?
> 
> I wouldn't do it if I were you. I can't cite a specific example other
> than public_html (as someone else noted) that needs access, but it's
> irrevesible unless you've kept careful track of permissions, and it's
> over-kill.
> 
> You can get the same protective effect, with less risk, by typing:
> 
> ls -ld $HOME
> chmod 700 $HOME

One problem though, if you want to have a ~user html page you'll need
permissions 701 on $HOME.  The web server uid has to have access to
$HOME/Sites (or whatever your web server is configured to use)...unless
the web server has been designated to run as root (which I can't see
ever being a good idea).

Sigh...if only we had ACLs...

-- 
~'`^`'~=-.,__,.-=~'`^`'~=-.,__,.-=~'`^`'~=-., \|/  (___)  \|/ _,.-=~'`^`
                                               @~./'O o`\.~@
               "Knowledge is Power"           /__( \___/ )__\  *PPPFFBT!*
                  -- Francis Bacon               `\__`U_/'
 _,.-=~'`^`'~=-.,__,.-=~'`^`'~=-.,__,.-=~'`^`'~= <____|'  ^^`'~=-.,__,.-=
~`'^`'~=-.,__,.-=~'`^`'~=-.,__,.-=~'`^`'~=-.,__,.-==--^'~=-.,__,.-=~'`^`