Date: Thu, 31 Jul 2008 17:28:36 -0400
From: Valeriu Mutu
To: John Almberg
Cc: freebsd-questions@freebsd.org
Subject: Re: Controlling read access
Organization: Penn Center for Bioinformatics

On Thu, Jul 31, 2008 at 05:16:48PM -0400, John Almberg wrote:
> I operate a server on which I am typically the only ssh user, but I
> do provide a small number of users ftp access.
>
> Each user has their own home directory. Currently all home
> directories have read permission set for 'other'. This means if I log
> in as one user, I can read and even download the contents of other
> users' home directories.
>
> I want to block this read access. What is the best way to do this?
> Turn off the read bit for 'other'? Or is there some better way?
>
> Thanks: John

Hi John,

If the user logs into their own directory via FTP, there should be a way to "chroot" him/her, so that the home directory appears as the root directory. Consult your FTP server manuals for this.

You might also turn off the r,w,x bits for other.

Valeriu

--
Valeriu Mutu
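
The permission change suggested in the reply, as an added example that is not part of the original message: a shell script that lists home directories granting any access to 'other' and removes those bits. The function names, the script name in the usage comment and the `/home` default are assumptions.

```shell
#!/bin/sh
# Added example: audit and tighten 'other' permission bits on home directories.
# Function names and the /home default are assumptions, not from the thread.

# Print every directory directly under $1 that grants any of r, w or x
# to 'other'. "-perm -NNN" (all listed bits set) is POSIX, so the three
# OR-ed tests behave the same with FreeBSD find and GNU find.
# -type d skips symlinks, so a link planted in the base is never touched.
list_other_accessible() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print | sort
}

# Remove r, w and x for 'other' on each directory reported above.
# Only the top-level home directory is changed: once 'other' has no x
# bit on it, other users cannot traverse into it, whatever the modes
# of the files inside. Group bits are left alone, so check that the
# FTP users do not all share one primary group.
lock_down_homes() {
    list_other_accessible "$1" | while IFS= read -r dir; do
        chmod o-rwx "$dir" && printf 'fixed: %s\n' "$dir"
    done
}

# Usage (script name is hypothetical):
#   sh audit_homes.sh audit [base]   report only
#   sh audit_homes.sh fix   [base]   report and chmod
case "${1:-}" in
    audit) list_other_accessible "${2:-/home}" ;;
    fix)   lock_down_homes "${2:-/home}" ;;
esac
```

Run the `audit` mode first and review the list before using `fix`, since a home directory that a web server or other daemon must reach will stop being reachable once the 'other' bits are gone.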