amd64/154112: user can delete file witch owned by root:wheel
Ihor R
kaba at goodnet.com.ua
Tue Jan 18 19:32:14 UTC 2011
On Tue, 18 Jan 2011 16:22:53 GMT, kib at FreeBSD.org wrote:
> User home directory is owned by user, right ?
> The system works as intended, read about unix file permission model.
>
The home user directory is owned by user, but I quote don't understand
how I can provide hosting service for my users, if anybody user can
delete any files in his home directory. By example:
if I want to block some resources, like site, by adding "deny from all"
to .htaccess and replace owner of this file to root:wheel. User can not
change this file (rewrite) but he can delete this file any time he wish
- and the site will go on to work and can make some steps to damage
server.
Can you please explain me how can I get back to Unix where users can't
delete file which they not own. What steps I need to do to solve current
problem.
I need that users can't change or delete files, that users not own,
anyway it's (files) placed.
More information about the freebsd-amd64
mailing list