Date: Wed, 21 Feb 2007 21:57:02 +0100 From: Momchil Ivanov <slogster@gmail.com> To: freebsd-isp@freebsd.org Subject: Re: Separating users so they do not see each others's directories in FreeBSD Message-ID: <200702212157.12982.slogster@gmail.com> In-Reply-To: <45DC99F1.3090908@hatvany.com> References: <45DC99F1.3090908@hatvany.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart1446406.H8cVSA7rjH Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline =D0=9D=D0=B0 21.2.2007 20:13 Charles Hatvany =D0=BF=D0=B8=D1=88=D0=B5: > Hi, > > Sorry to ask such a simple question, but I need to separate several > users, so they cannot even see each other's directories. All will have > significant data on the same server in different directory trees. What > is the easiest way to accomplish this? Jails seem like a lot of work, > but if that is the only way... > > Thanks in advance. > > Charles Hatvany The solution here depends on how to define: "they cannot even see each othe= r's=20 directories". You can use the following scenario: foo/ user1/ ... userN/ You can set foo`s ownership to root:wheel and perms to 711, so that everyon= e=20 can 'cd' to foo/, but only root can see what`s inside. Then set perms 700 f= or=20 every userdir (assuming every userdir is owned by different user). So what= =20 you get is: advantages: 1) every user can use it`s own directory 2) users are not aware of what`s inside foo/ (other users' dirs) disadvantages: 3) one can always open /etc/passwd and see what the other user's home dir = is,=20 though not being able to 'cd' to it or read its content 4) bruteforce is possible for finding out what`s inside foo/ If that`s what you are looking for, go for it. Using jails is also not a ba= d=20 idea, but it depends on what kind of service you will be providing your use= rs=20 with. =2D-=20 This correspondence is strictly confidential. Any screening, filtering and/or production for the purpose of public or otherwise disclosure is forbidden without written permission by the author signed above. If you are not the intended recipient, please immediately notify the sender and permanently delete any copies PGP KeyID: 0x3118168B Keyserver: pgp.mit.edu Key fingerprint BB50 2983 0714 36DC D02E 158A E03D 56DA 3118 168B --nextPart1446406.H8cVSA7rjH Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQBF3LIo4D1W2jEYFosRAoEUAJ4p/rNPpUPWfpLCyiKRB3lyNpe9hwCfSV45 Q4AwXhhkaaY7S4KFsmN0dUw= =fPqy -----END PGP SIGNATURE----- --nextPart1446406.H8cVSA7rjH--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200702212157.12982.slogster>