Restricting users to their own home directories / not letting users view other users files...?

Chuck Swiger cswiger at mac.com
Wed Feb 11 11:36:38 PST 2009


On Feb 11, 2009, at 8:22 AM, Keith Palmer wrote:
> We have a FreeBSD server with multiple users. I would rather each user
> *not* be able to view other users' files via an SSH or SFTP session.
> i.e. if I'm logged in as "keith" I should *not* get a list of files when
> I do "ls /home/shannon"
>
> I realize I can fix this by setting the permissions on the
> "/home/shannon" directory to 700. *However* then Apache (running as user
> "www") won't display the documents in "/home/shannon/public_html" from
> "http://ip-address/~shannon/", instead returning a "403 Forbidden" error.

This is an old, old problem; a reasonable solution is to create a  
$USER/private directory with 700 permissions for each user, and have  
them put anything which they consider "secret" under there.

-- 
-Chuck
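
One way to apply the suggestion above to every account at once, as an added example that is not part of the original thread: a POSIX sh function that creates or repairs a mode-700 "private" directory in each home directory under a base path. The function names and the status words it prints are assumptions made for this example.

```shell
#!/bin/sh
# Added example; ensure_private and has_mode are illustrative names.

# Succeeds only if $1 is a real directory (not a symlink) whose mode is exactly $2.
has_mode() {
    [ -d "$1" ] && [ ! -L "$1" ] && [ -n "$(find "$1" -prune -perm "$2")" ]
}

# For every home directory under $1, make sure "private" exists with mode 700.
# Prints one status line per user; returns 1 if any entry had to be skipped.
ensure_private() {
    base=$1 rc=0
    for home in "$base"/*; do
        [ -d "$home" ] && [ ! -L "$home" ] || continue
        priv=$home/private
        user=${home##*/}
        if [ -L "$priv" ] || { [ -e "$priv" ] && [ ! -d "$priv" ]; }; then
            # A symlink or plain file planted by the user: do not chmod through it.
            echo "SKIP  $user: private is not a plain directory"; rc=1
        elif has_mode "$priv" 700; then
            echo "OK    $user"
        elif [ -d "$priv" ]; then
            chmod 700 "$priv" && echo "FIXED $user: mode reset to 700"
        else
            mkdir -m 700 "$priv" && echo "NEW   $user: created"
            # When run as root, hand the new directory to the home's owner.
            if [ "$(id -u)" -eq 0 ]; then
                chown "$(ls -ldn "$home" | awk '{print $3 ":" $4}')" "$priv"
            fi
        fi
    done
    return $rc
}
```

Call it as `ensure_private /home`. The symlink check and the chmod are not atomic, so run it as root only while users cannot modify their home directories, or have each user run the mkdir themselves.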



More information about the freebsd-questions mailing list