Separating users so they do not see each others's directories
in FreeBSD
Momchil Ivanov
slogster at gmail.com
Wed Feb 21 21:30:34 UTC 2007
На 21.2.2007 20:13 Charles Hatvany пише:
> Hi,
>
> Sorry to ask such a simple question, but I need to separate several
> users, so they cannot even see each other's directories. All will have
> significant data on the same server in different directory trees. What
> is the easiest way to accomplish this? Jails seem like a lot of work,
> but if that is the only way...
>
> Thanks in advance.
>
> Charles Hatvany
The solution here depends on how to define: "they cannot even see each other's
directories". You can use the following scenario:
foo/
user1/
...
userN/
You can set foo`s ownership to root:wheel and perms to 711, so that everyone
can 'cd' to foo/, but only root can see what`s inside. Then set perms 700 for
every userdir (assuming every userdir is owned by different user). So what
you get is:
advantages:
1) every user can use it`s own directory
2) users are not aware of what`s inside foo/ (other users' dirs)
disadvantages:
3) one can always open /etc/passwd and see what the other user's home dir is,
though not being able to 'cd' to it or read its content
4) bruteforce is possible for finding out what`s inside foo/
If that`s what you are looking for, go for it. Using jails is also not a bad
idea, but it depends on what kind of service you will be providing your users
with.
--
This correspondence is strictly confidential. Any screening, filtering
and/or production for the purpose of public or otherwise disclosure is
forbidden without written permission by the author signed above. If you are
not the intended recipient, please immediately notify the sender and
permanently delete any copies
PGP KeyID: 0x3118168B
Keyserver: pgp.mit.edu
Key fingerprint BB50 2983 0714 36DC D02E 158A E03D 56DA 3118 168B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-isp/attachments/20070221/cd661fea/attachment.pgp
More information about the freebsd-isp
mailing list