Restricting users to their own home directories / not letting
users view other users files...?
Keith Palmer
keith at academickeys.com
Wed Feb 11 08:40:47 PST 2009
OK, I'm sure this question has been asked a million times, but I havn't
been able to find a straight answer that actually solves the problem, so
here goes.
We have a FreeBSD server with multiple users. I would rather each user
*not* be able to view other users' files via an SSH or SFTP session. i.e.
if I'm logged in as "keith" I should *not* get a list of files when I do
"ls /home/shannon"
I realize I can fix this by setting the permissions on the "/home/shannon"
directory to 700. *However* then Apache (running as user "www") won't
display the documents in "/home/shannon/public_html" from
"http://ip-address/~shannon/", instead returning a "403 Forbidden" error.
Sooo... how can I set this up so that users can't view other user's files,
but Apache still works?
I would prefer *not* to use jails, as it sounds like a lot of overhead and
complicated to set up... is there another way?
I've looked at rbash, but it looks like it disables a whole bunch of other
stuff. My users still need a usable SSH shell. I've looked at rssh and
scponly, but they seem to disallow SSH shell access completely.
Thanks in advance!
--
- Keith Palmer
Keith at AcademicKeys.com
http://www.AcademicKeys.com/
More information about the freebsd-questions
mailing list