On Feb 17, Ian Jackson <ijack...@chiark.greenend.org.uk> wrote: > I disagree with this conclusion, because I disagree with the > underlying implication that the general readability of files is not > needed. Agreed.
> Perhaps it might be reasonable to try to find a way for accounts like > msql and www-data not to be able to access home directories (add > "daemon" to their supplementary group list and set the permissions of > /home 0705 to root.daemon, perhaps), but is this really worthwhile ? We have ACLs, but I believe that the local requirements vary enough that it is not worth the effort. -- ciao, Marco
signature.asc
Description: Digital signature
