Date: Thu, 12 Feb 2009 16:45:40 +0100 From: Uwe Laverenz <uwe@laverenz.de> To: freebsd-questions@freebsd.org Cc: keith@academickeys.com Subject: Re: Restricting users to their own home directories / not letting users view other users files...? Message-ID: <20090212154540.GC3324@laverenz.de> In-Reply-To: <62055.12.68.55.226.1234449558.squirrel@www.academickeys.com> References: <53134.12.68.55.226.1234369337.squirrel@www.academickeys.com> <20090211181843.GA41237@slackbox.xs4all.nl> <65534.12.68.55.226.1234377513.squirrel@www.academickeys.com> <F41F7727070FF48ED4A2BCB1@utd65257.utdallas.edu> <62055.12.68.55.226.1234449558.squirrel@www.academickeys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Feb 12, 2009 at 09:39:18AM -0500, Keith Palmer wrote: > Thanks so much, this solution works really well! It doesn't lock users out > of the entire system, but it does ensure that users can't view other > user's files via SFTP/SSH, which is fantastic. This solution enforces the switch of all user directories to group "www", which also means that any member of the group www gets access to these directories. This would be even more dangerous if your webserver runs with gid www and contains a php-module or something similar with a long tradition of security problems. Sorry, but you really, really should not do it this way. The sticky bit for group www on the public_html directories can be a good idea, though. bye, Uwe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090212154540.GC3324>