From: Adrian Chadd
Date: Tue, 18 Mar 1997 07:43:55 +0800 (WST)
To: Oleg Kolesnikov
cc: questions@FreeBSD.ORG
Subject: Re: [Q] How to enable user to view only certain part of FS [see letter]
In-Reply-To: <199703171917.TAA26557@main.univers.chernovtsy.ua>

On Mon, 17 Mar 1997, Oleg Kolesnikov wrote:
>
> Say, user's home directory is /mnt/userhomes/username.
> I want this user to be able to view only /mnt/userhomes/username/... and
> everything that is lower down the user's home directory
> (i.e. so, that the construction:
> cd ../../../etc;cat hosts wouldn't work)

Why? I know people who have done this thinking it makes things more "secure" .. and it only roots up things even further :) (eg user processes can't read system files to get the current nameserver setup, or /etc/passwd/group to get uid/gid -> name mapping, other nasty stuff), since /etc/ DOES hold files that are quite useful for user processes :)

If you are worried about people seeing your config, you CAN chmod stuff that is run by root so that only ROOT can read / write / execute the file, and no one else can. I wouldn't suggest this unless you knew what files are only ever accessed by root.

Why do you want to do this ?

Cya.

Adrian Chadd
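
The chmod approach from the reply above, as an added example that is not part of the original message: it removes group/other access from a root-only config while refusing to touch files that user processes read. The file `backup.conf`, the `NEEDED_BY_USERS` list, the function names and the temporary stand-in for /etc are assumptions constructed for illustration; on a real system the restricted file would be owned by root.

```shell
#!/bin/sh
# Added example; file names and the sample tree are constructed.

# Files unprivileged processes must be able to read (uid/gid -> name
# mapping, resolver setup). This list is an assumption for the example.
NEEDED_BY_USERS="passwd group hosts resolv.conf"

# List files under directory $1 that grant any permission bit to "other".
other_accessible() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

# Strip group/other access from file $1 so only its owner can use it.
# Refuses (returns 1) for files that user processes depend on.
restrict_to_owner() {
    base=$(basename "$1")
    for keep in $NEEDED_BY_USERS; do
        if [ "$base" = "$keep" ]; then
            echo "refusing $1: user processes read it" >&2
            return 1
        fi
    done
    chmod go-rwx "$1"
}

# Build a constructed stand-in for /etc in a temp dir and print its path.
make_sample_etc() {
    dir=$(mktemp -d) || return 1
    for f in passwd group resolv.conf backup.conf; do
        : > "$dir/$f"
        chmod 644 "$dir/$f"
    done
    echo "$dir"
}

# Demo: lock down the root-only config, leave the shared files alone.
d=$(make_sample_etc)
restrict_to_owner "$d/backup.conf"
restrict_to_owner "$d/passwd" || true
other_accessible "$d"      # backup.conf no longer listed
rm -rf "$d"
```

Running `other_accessible /etc` first shows what is currently exposed, which helps confirm a file is only ever accessed by root before restricting it.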