On Mon, Jul 14, 2003 at 01:44:21PM -0400, Phillip Hofmeister wrote:
> On Mon, 14 Jul 2003 at 12:55:38PM -0400, Matt Zimmerman wrote:
> > On Mon, Jul 14, 2003 at 12:23:01PM -0400, bda wrote:
> > > As for the ~/tmp or ~/.tmp commentary, I have no real opinion, but it
> > > seems like it'd be a lot of work to implement. :-)
> >
> > Most of the work is adding support for the TMPDIR environment variable to
> > programs which do not already support it, and that is actually very easy.
>
> Probably harder than that...
> What should be done about users that don't have +w to ~?

They use a different directory. That's what the environment variable is for,
and it's simple to set it differently for different users (for example,
using PAM).

> Many system
> services are set up with home directories to / or /home.
>
> www-data:x:33:33:www-data:/var/www:/bin/sh
>
> Unless you are using WebDAV to upload files www-data doesn't need write
> access to /var/www. Even if you did give it write access, anyone
> surfing your site would be able to access http://host/tmp/ (unless you
> set up another Apache ACL). The system of a global directory works just
> fine if it is properly secured (with say the GRSecurity patch).

The www-data user's existence is a design flaw.

--
 - mdz
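
Added example, not part of the original message and not code from any poster in the thread: a sketch of per-account TMPDIR selection that a login hook could export, covering the case raised above of accounts with no write access to their home directory. The names `pick_tmpdir` and `FALLBACK_BASE` are hypothetical, and falling back to an unpredictable 0700 directory under a shared base is an assumption of this example.

```shell
#!/bin/sh
# Added example. pick_tmpdir and FALLBACK_BASE are hypothetical names;
# a login hook would run: TMPDIR=$(pick_tmpdir "$HOME"); export TMPDIR

FALLBACK_BASE="${FALLBACK_BASE:-/tmp}"

# Print a private temporary directory for the account whose home is $1.
pick_tmpdir() {
    home=$1
    cand="$home/tmp"
    # Case 1: the home directory is writable, so keep temp files under it.
    if [ -d "$home" ] && [ -w "$home" ]; then
        # Refuse a pre-planted symlink instead of following it.
        if [ ! -L "$cand" ]; then
            # mkdir -p is a no-op when the directory already exists;
            # chmod 700 closes it to other users; -O confirms we own it.
            if mkdir -p "$cand" 2>/dev/null &&
               chmod 700 "$cand" 2>/dev/null &&
               [ -O "$cand" ]; then
                printf '%s\n' "$cand"
                return 0
            fi
        fi
    fi
    # Case 2: home is missing, read-only or suspicious (for example a
    # service account whose home is / or /var/www). Create an
    # unpredictable 0700 directory under the fallback base; mktemp
    # prints its path and fails if it cannot create it safely.
    mktemp -d "$FALLBACK_BASE/tmpdir.XXXXXXXX"
}
```
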