[tex-live] updmap and /

Heiko Oberdiek oberdiek at uni-freiburg.de
Tue Mar 3 11:20:26 CET 2009

On Tue, Mar 03, 2009 at 03:20:26AM +0100, Reinhard Kotucha wrote:

> On 2 March 2009 Heiko Oberdiek wrote:
>  > But making it readable for others means that they can easily look
>  > into the directory and perhaps can even read files that are meant
>  > to be private.
> But ~/public_html usually doesn't contain anything private.

There are other files/directories in ~.

> The
> content has to be readable by unprivileged users (like Apache) and of
> course, Apache needs "exec" permissions in order to 
> "cd /home/user/public_html".  But whether anything else is readable by
> anybody else depends on umask.  I don't think that it's dangerous to
> grant "exec" permissions to a particular directory.

Some files and directories might be guessed and accessed.
No permissions for group and other protect inexperienced users.
Robin made a good point:

| indeed.  in a seriously secure setup, public files *have* to be stored
| elsewhere.

> I distinguish between being careful and being paranoid.  If you want
> to make your system more secure, you have to find out first how things
> work and configure them with care.  Paranoia is something completely
> different.  Paranoids have problems with things which actually exist
> only in their mind.

Subtract things that are not possible, then you have the kind of
paranoia that might be useful for security. If there is a door
that can be opend, then someone/something can get in or out
regardless the size of the door.

Yours sincerely
  Heiko <oberdiek at uni-freiburg.de>

More information about the tex-live mailing list