Private home directories for hirsute onwards
Alex Murray
alex.murray at canonical.com
Fri Nov 27 06:10:48 UTC 2020
On Fri, 2020-11-27 at 03:39:36 +1030, Dimitri John Ledkov wrote:
> On Thu, Nov 26, 2020 at 2:31 AM Alex Murray <alex.murray at canonical.com> wrote:
>>
>> setfacl -m u:libvirt-qemu:rx $HOME
>>
>
> Similar to above for qemu are there similar setfacl commands, would
> something similar be also needed for:
> - sshd user to access ~/.ssh/authorized_keys , or nothing needed
> there?
There is nothing needed here, ssh with public key auth works fine with
750 $HOME - sshd runs as root so this is fine
> - in GNOME making ~/Public public?
Also tested this and is fine - gnome-user-shame spawns apache2 running
as the target user to share via webdav so this also works
> - giving access to ~/public_html for the www-data user?
This also needs the same ACL based approach:
setfacl -m u:www-data:rx $HOME
>
> If yes, then what are the commands?
>
> I like this approach of selective and explicit setfacl commands to
> grant ACLs on per-usecase basis. This is inline with modern ways of
> managing permissions.
>
> --
> Regards,
>
> Dimitri.
More information about the Ubuntu-devel-discuss
mailing list