Bug 87979 - recommended way of enabling public_html exposes users' files in /home/user/
recommended way of enabling public_html exposes users' files in /home/user/
Product: Red Hat Linux
Classification: Retired
Component: rhl-cg (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tammy Fox
Tammy Fox
Depends On:
  Show dependency treegraph
Reported: 2003-04-04 04:08 EST by sysadmin
Modified: 2007-04-18 12:52 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-04-05 10:50:10 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description sysadmin 2003-04-04 04:08:32 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4a) Gecko/20030403

Description of problem:
The docs for enabling public_html for user joeblow instruct, in part:

chmod o+x /home/joeblow

And, by default, user files are created o+r.  

This combination allows anyone with a shell account to access the files in

It seems to me that RHL's default configuration should not lead to this result.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
follow RH's recommended procedure for enabling public_html directories

Additional info:
Comment 1 sysadmin 2003-04-04 11:28:55 EST
I forgot to mention that you'd have to know the name of a file in joeblow's home
directory in order to access it.
Comment 2 Tammy Fox 2003-04-04 11:32:02 EST
Which RH documentation are you referring to? The component has been changed to
rhl-cg, but the Customization Guide doesn't include this information.
Comment 3 sysadmin 2003-04-05 05:49:12 EST
i don't have them handy - maybe i was looking at some pre-upgrade docs - can you
tell me what the current recommended way of enabling public_html directories is?
Comment 4 Tammy Fox 2003-04-05 10:50:10 EST

Look for the UserDir directive.

Note You need to log in before you can comment on or make changes to this bug.