[CLUE-Tech] How Safe Is It, part II

[Jed S. Baer]

On 05 Nov 2002 19:13:52 -0700
Roger Frank <rfrank at rfrank.us> wrote:

> I want to be able to write student labs and have them in my
> /var/www/html tree.  I also want the solutions there in a 
> subdirectory so they are tracked with the assignment.  The 
> server is physically in my office and the student lab is in the
> next room, so I can get anywhere in the /var/www/html tree as root.  
> I'm wondering if it's simple enough to just chmod 0700 and have 
> the owner root on the solutions subdirectory.  Students can find 
> it, but they shouldn't be able to descend into it.  I couldn't 
> either from the browser, but that's okay -- I don't need to
> from that side.

Easy enough to just have that directory (html/labs/answers/ or whatever
it's called) owned by any user other than the one running your httpd
process, and then, as you say, use file permissions.

But why root? Why not rfrank? Or something other than root. You shouldn't
force yourself to log in as root to do non-sysadmin tasks. Remember, a
typo as joe user can be an inconvenience. A typo as root can be a
disaster.

jed
-- 
We're frogs who are getting boiled in a pot full of single-character
morphemes, and we don't notice. - Larry Wall; Perl6, Apocalypse 5