On Wed, Feb 18, 2004 at 02:15:36AM +0100, Javier Fernández-Sanguino Peña wrote: > You can try to settle it by using umask (as other's have suggested) but > users can defeat that. If you _really_ want to fix it, have a cronjob do > this (quick and dirty, could be _really_ improved) > > ---------------------------------------------------------- > DIR_TO_FIX=/home/groupX > GROUP=mygroup > PERM=g+rwX > > find $DIR_TO_FIX -type f -o -type d | xargs chown $GROUP > # or chown -hR $GROUP $DIR_TO_FIX > find $DIR_TO_FIX -type f -o -type d | xargs chmod $PERM > # or chmod -hR $PERM $DIR_TO_FIX > ----------------------------------------------------------
Waaaaaah, SCARY! Users can create hard links to arbitrary files in that directory, e.g. links to other users' private files or to /etc/shadow, and automatically get read access to those files. umask *is* the right solution (together with a sticky-bit dir). Set up a default umask which allows global read access and *let* users defeat it! If they know how to change their umask to something more restrictive, they're bound to know what they're doing! Cheers, Richard -- __ _ |_) /| Richard Atterer | GnuPG key: | \/¯| http://atterer.net | 0x888354F7 ¯ '` ¯
