Restricting users to their own home directories / not letting users view other users files...?

Uwe Laverenz uwe at laverenz.de
Thu Feb 12 07:48:59 PST 2009


On Thu, Feb 12, 2009 at 09:39:18AM -0500, Keith Palmer wrote:

> Thanks so much, this solution works really well! It doesn't lock users out
> of the entire system, but it does ensure that users can't view other
> users' files via SFTP/SSH, which is fantastic.

This solution enforces the switch of all user directories to group "www",
which also means that any member of the group www gets access to these
directories. This would be even more dangerous if your webserver runs
with gid www and contains a php-module or something similar with a long
tradition of security problems. Sorry, but you really, really should not
do it this way.

The sticky bit for group www on the public_html directories can be a good
idea, though.

bye,
Uwe
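
One way to see which home directories the concern above applies to, as an added example that is not part of the original message: it lists directories that belong to a given group and grant that group any access. The function name `audit_homes` and the `/home` base path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Usage (paths are assumptions): sh audit_homes.sh /home www

# audit_homes BASE GROUP
# Prints each directory directly under BASE whose group is GROUP and that
# has at least one group permission bit (r, w or x) set. Every member of
# GROUP, including a web server process running with that gid, can use
# those bits. GROUP may be a group name or a numeric gid.
audit_homes() {
    base=$1
    grp=$2
    for d in "$base"/*; do
        # Skip plain files and an unmatched glob.
        [ -d "$d" ] || continue
        # -prune stops find from descending, so only the home directory
        # itself is tested. "-perm -NNN" is the POSIX "all of these bits"
        # form; the three tests together mean "any group bit is set".
        find "$d" -prune -type d -group "$grp" \
            \( -perm -040 -o -perm -020 -o -perm -010 \) -print
    done
}

# Run only when called with both arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then
    audit_homes "$1" "$2"
fi
```

An empty result means no home directory under the base path is reachable through membership in that group alone.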


