Restricting users to their own home directories / not letting
users view other users files...?
Roland Smith
rsmith at xs4all.nl
Wed Feb 11 10:18:48 PST 2009
On Wed, Feb 11, 2009 at 11:22:17AM -0500, Keith Palmer wrote:
>
> OK, I'm sure this question has been asked a million times, but I havn't
> been able to find a straight answer that actually solves the problem, so
> here goes.
>
> We have a FreeBSD server with multiple users. I would rather each user
> *not* be able to view other users' files via an SSH or SFTP session. i.e.
> if I'm logged in as "keith" I should *not* get a list of files when I do
> "ls /home/shannon"
>
> I realize I can fix this by setting the permissions on the "/home/shannon"
> directory to 700. *However* then Apache (running as user "www") won't
> display the documents in "/home/shannon/public_html" from
> "http://ip-address/~shannon/", instead returning a "403 Forbidden" error.
>
> Sooo... how can I set this up so that users can't view other user's files,
> but Apache still works?
Chmod the homedirs to 700. And write a script that copies the user's
html files/directories (if they have changed) to a location where apache
can access them. Run this script as a cronjob for root.
Alternatively, maybe you could use ACLs to grant group www access of the
home directories. See setfacl(1). [I've never had the need to try this,
so I'm not sure].
Roland
--
R.F.Smith http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20090211/826632d0/attachment.pgp
More information about the freebsd-questions
mailing list