Restricting users to their own home directories / not letting users view other users files...?

DAve dave.list at pixelhammer.com
Wed Feb 11 12:13:11 PST 2009


Keith Palmer wrote:
> OK, I'm sure this question has been asked a million times, but I havn't
> been able to find a straight answer that actually solves the problem, so
> here goes.
> 
> We have a FreeBSD server with multiple users. I would rather each user
> *not* be able to view other users' files via an SSH or SFTP session. i.e.
> if I'm logged in as "keith" I should *not* get a list of files when I do
> "ls /home/shannon"
> 
> I realize I can fix this by setting the permissions on the "/home/shannon"
> directory to 700. *However* then Apache (running as user "www") won't
> display the documents in "/home/shannon/public_html" from
> "http://ip-address/~shannon/", instead returning a "403 Forbidden" error.
> 
> 
> Sooo... how can I set this up so that users can't view other user's files,
> but Apache still works?
> 
> I would prefer *not* to use jails, as it sounds like a lot of overhead and
> complicated to set up... is there another way?
> 
> I've looked at rbash, but it looks like it disables a whole bunch of other
> stuff. My users still need a usable SSH shell. I've looked at rssh and
> scponly, but they seem to disallow SSH shell access completely.
> 
> 
> Thanks in advance!
> 

Try /usr/ports/security/openssh

You can chroot the user into their own home dir. Check out the 
ChrootDirectory sshd_config option.

http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5

DAve



-- 
The whole internet thing is sucking the life out of me,
there ain't no pony in there.


More information about the freebsd-questions mailing list