From owner-freebsd-questions@FreeBSD.ORG Thu Jul 31 22:05:36 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E5B29106567C for ; Thu, 31 Jul 2008 22:05:36 +0000 (UTC) (envelope-from derek@computinginnovations.com) Received: from betty.computinginnovations.com (mail.computinginnovations.com [64.81.227.250]) by mx1.freebsd.org (Postfix) with ESMTP id 76A448FC18 for ; Thu, 31 Jul 2008 22:05:36 +0000 (UTC) (envelope-from derek@computinginnovations.com) Received: from p28.computinginnovations.com (dhcp-10-20-30-100.computinginnovations.com [10.20.30.100]) (authenticated bits=0) by betty.computinginnovations.com (8.14.2/8.14.2) with ESMTP id m6VM5TcY032157; Thu, 31 Jul 2008 17:05:30 -0500 (CDT) (envelope-from derek@computinginnovations.com) Message-Id: <6.0.0.22.2.20080731170309.025253a0@mail.computinginnovations.com> X-Sender: derek@mail.computinginnovations.com X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Thu, 31 Jul 2008 17:05:21 -0500 To: John Almberg , freebsd-questions@freebsd.org From: Derek Ragona In-Reply-To: <26259A11-0CE7-43FB-878C-1A989C1EB006@identry.com> References: <26259A11-0CE7-43FB-878C-1A989C1EB006@identry.com> Mime-Version: 1.0 X-Antivirus: avast! (VPS 080731-0, 07/31/2008), Outbound message X-Antivirus-Status: Clean X-Virus-Scanned: ClamAV 0.93.3/7903/Thu Jul 31 13:51:18 2008 on betty.computinginnovations.com X-Virus-Status: Clean X-ComputingInnovations-MailScanner-Information: Please contact the ISP for more information X-MailScanner-ID: m6VM5TcY032157 X-ComputingInnovations-MailScanner: Found to be clean X-ComputingInnovations-MailScanner-From: derek@computinginnovations.com X-Spam-Status: No Content-Type: text/plain; charset="us-ascii"; format=flowed X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Re: Controlling read access X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Jul 2008 22:05:37 -0000 At 04:16 PM 7/31/2008, John Almberg wrote: >I operate a server on which I am typically the only ssh user, but I >do provide a small number of users ftp access. > >Each user has their own home directory. Currently all home >directories have read permission set for 'other'. This means if I log >in as one user, I can read and even download the contents of other >users home directories. > >I want to block this read access. What is the best way to do this? >Turn off the read bit for 'other'? Or is there some better way? > >Thanks: John I've used vsftp from the ports. It is very configurable to the point you can even specify which ftp commands to allow. -Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.