Date: Wed, 11 Feb 2009 11:22:17 -0500 (EST) From: "Keith Palmer" <keith@academickeys.com> To: freebsd-questions@freebsd.org Subject: Restricting users to their own home directories / not letting users view other users files...? Message-ID: <53134.12.68.55.226.1234369337.squirrel@www.academickeys.com>
next in thread | raw e-mail | index | archive | help
OK, I'm sure this question has been asked a million times, but I havn't been able to find a straight answer that actually solves the problem, so here goes. We have a FreeBSD server with multiple users. I would rather each user *not* be able to view other users' files via an SSH or SFTP session. i.e. if I'm logged in as "keith" I should *not* get a list of files when I do "ls /home/shannon" I realize I can fix this by setting the permissions on the "/home/shannon= " directory to 700. *However* then Apache (running as user "www") won't display the documents in "/home/shannon/public_html" from "http://ip-address/~shannon/", instead returning a "403 Forbidden" error. Sooo... how can I set this up so that users can't view other user's files= , but Apache still works? I would prefer *not* to use jails, as it sounds like a lot of overhead an= d complicated to set up... is there another way? I've looked at rbash, but it looks like it disables a whole bunch of othe= r stuff. My users still need a usable SSH shell. I've looked at rssh and scponly, but they seem to disallow SSH shell access completely. Thanks in advance! --=20 - Keith Palmer Keith@AcademicKeys.com http://www.AcademicKeys.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53134.12.68.55.226.1234369337.squirrel>