From: CyberPeasant
Reply-to: djv@bedford.net
To: keith@blueberry.co.uk (Keith Jones)
Cc: andre@pipeline.ch, questions@FreeBSD.ORG
Date: Fri, 26 Jun 1998 23:02:17 -0400 (EDT)
Subject: Re: Homedir 'hiding'
Message-Id: <199806270302.XAA04089@lucy.bedford.net>
In-Reply-To: <19980626154806.00479@blueberry.co.uk> from Keith Jones at "Jun 26, 98 03:48:06 pm"

Keith Jones wrote:
> On Fri, Jun 26, 1998 at 03:37:46PM +0200, IBS / Andre Oppermann wrote:
>
> > We give our customers at the moment only chrooted ftp access (ftpd
> > with internal LS) to their www-homedirs. Some users however ask for
> > telnet access.
> >
> > The problem we have is that if someone logs in that person can see
> > all homedirectories of other customers. The user with telnet access
> > has an own group but can still see the other homedirs but not enter
> > them (no permission of course).
> >
> > My question is now: what can I do that the telnet users can't see
> > the other homedirs (don't tell me 'rm -R *' ;-)).
> >
> > PS: I have tried to set the permissions to drwx------ but it is
> > still visible with ls.
>
> It depends on how your partitions are set up. /home is usually, but not
> always, a symlink to /usr/home. If this is so, use
>
>     chmod 511 /usr/home
>
> If this is not so - for instance, if the /home tree is on its own partition -
> then you need to
>
>     chmod 511 /home
>
> N.B. Some shells may complain about this. tcsh, for instance, will generate
> the following error on invocation:
>
>     tcsh: Permission denied
>     tcsh: Trying to start from "/home/"
>
> [tcsh will still work, but the error is a bit annoying.]
>

It's not clear what Andre is trying to hide. If it's simply the names
of other users' homedirs, nothing that is done to /home/* will prevent
a telnet user from simply doing cat /etc/passwd and recovering the
information about users that is there -- including home directory
names.

Dave
--
http://www.microsoft.com/security: `Microsoft Windows NT Server is the
most secure network operating system available.'
Don Quixote: `You are mistaken, Sancho.'
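
Added example, not part of the original message or of FreeBSD: a shell audit of the two points raised in this thread, run against a constructed sandbox tree and a constructed passwd-format file. It reports what mode 511 on the parent directory changes and which home directory names the passwd file still discloses. The function names and the alice/bob accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: constructed sandbox only, no real accounts or system files are touched.

# other_bits PATH -> the three "other" permission characters, e.g. "--x"
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# homes_from_passwd FILE PARENT -> home directories (field 6) that live under PARENT
homes_from_passwd() {
    awk -F: -v p="$2/" 'index($6, p) == 1 { print $6 }' "$1"
}

# audit PASSWD PARENT -> one report line for the parent, one per home directory
audit() {
    case "$(other_bits "$2")" in
        r*) echo "parent $2: listable by others" ;;
        *x) echo "parent $2: not listable, traversal only" ;;
        *)  echo "parent $2: closed to others" ;;
    esac
    homes_from_passwd "$1" "$2" | while read -r h; do
        echo "home $h: name disclosed by passwd, other bits $(other_bits "$h")"
    done
}

# make_sandbox -> builds the constructed tree and prints its path
make_sandbox() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/alice" "$d/home/bob"
    chmod 700 "$d/home/alice"   # contents closed to other users
    chmod 755 "$d/home/bob"     # contents open to anyone who knows the path
    chmod 511 "$d/home"         # the setting suggested in the thread
    # Constructed passwd-format sample (hypothetical accounts)
    printf '%s\n' \
        "alice:*:1001:1001:Customer A:$d/home/alice:/bin/sh" \
        "bob:*:1002:1002:Customer B:$d/home/bob:/bin/sh" \
        "daemon:*:1:1:Daemon:/root:/usr/sbin/nologin" > "$d/passwd"
    echo "$d"
}

sandbox=$(make_sandbox)
audit "$sandbox/passwd" "$sandbox/home"
chmod 755 "$sandbox/home"; rm -rf "$sandbox"
```

The report reads mode bits from `ls -ld` rather than attempting access, so it gives the same answer when run as root. The per-directory modes (700 versus 755 here) are what decide whether another customer can read the contents once the name is known.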