From: Manolis Kiagias
Date: Fri, 01 Aug 2008 00:28:00 +0300
To: John Almberg
Cc: "freebsd-questions@freebsd.org"
Subject: Re: Controlling read access
Message-ID: <48922E60.5090908@gmail.com>
In-Reply-To: <26259A11-0CE7-43FB-878C-1A989C1EB006@identry.com>

John Almberg wrote:
> I operate a server on which I am typically the only ssh user, but I do
> provide a small number of users ftp access.
>
> Each user has their own home directory. Currently all home directories
> have read permission set for 'other'. This means if I log in as one
> user, I can read and even download the contents of other users' home
> directories.
>
> I want to block this read access. What is the best way to do this?
> Turn off the read bit for 'other'? Or is there some better way?
>
> Thanks: John
>

What ftp server software are you using?
For example, in proftpd, you simply add this line to /usr/local/etc/proftpd.conf:

DefaultRoot ~

and everyone is "jailed" into his own directory.
It also seems the ftp daemon in the base system supports this through /etc/ftpchroot. If you are using it, read the man pages for ftpd(8) and ftpchroot(5).
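
An audit script for the two controls raised in this thread, added here as an example and not part of the original messages: it flags home directories that still grant any 'other' permission and logins that have no line of their own in an ftpchroot-style file. It assumes each directory under the homes root is named after its login; the function names `other_perms`, `in_ftpchroot` and `audit_homes` are made up for this example.

```shell
#!/bin/sh
# Added example. Assumption: every directory under the homes root is
# named after the login that owns it (e.g. /home/alice).

# other_perms DIR -> prints the three "other" permission characters, e.g. "r-x".
# A sticky bit (t/T) is folded back to plain x/- so only rwx is reported.
other_perms() {
    ls -ld "$1" | cut -c8-10 | tr 'tT' 'x-'
}

# in_ftpchroot USER FILE -> succeeds if USER is the first field of a line.
# Lines starting with "#" are skipped. "@group" lines are NOT resolved
# here, so a login covered only through a group is still reported.
in_ftpchroot() {
    [ -r "$2" ] || return 1
    awk -v u="$1" '
        /^[ \t]*#/ { next }
        $1 == u    { found = 1; exit }
        END        { exit found ? 0 : 1 }
    ' "$2"
}

# audit_homes HOMES_ROOT FTPCHROOT_FILE
# Prints "<user> other=<perms>" and/or "<user> not-chrooted" per finding.
# Returns 0 when nothing was found, 1 otherwise.
audit_homes() {
    root=$1 chrootfile=$2 findings=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        user=$(basename "$dir")
        perms=$(other_perms "$dir")
        if [ "$perms" != "---" ]; then
            echo "$user other=$perms"
            findings=1
        fi
        if ! in_ftpchroot "$user" "$chrootfile"; then
            echo "$user not-chrooted"
            findings=1
        fi
    done
    return "$findings"
}

# Stand-alone use: sh audit.sh /home /etc/ftpchroot
if [ "$#" -eq 2 ]; then
    audit_homes "$1" "$2"
fi
```

The two checks are independent: clearing the 'other' bits protects against any local login, while the chroot only confines FTP sessions.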