From owner-freebsd-isp@FreeBSD.ORG Wed Feb 21 21:30:34 2007 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B178F16A400 for ; Wed, 21 Feb 2007 21:30:34 +0000 (UTC) (envelope-from slogster@gmail.com) Received: from smtp.studnetz.uni-leipzig.de (smtp.studnetz.uni-leipzig.de [139.18.143.252]) by mx1.freebsd.org (Postfix) with ESMTP id 426DE13C48E for ; Wed, 21 Feb 2007 21:30:34 +0000 (UTC) (envelope-from slogster@gmail.com) Received: from localhost (localhost [127.0.0.1]) by smtp.studnetz.uni-leipzig.de (Postfix) with ESMTP id AFC88203 for ; Wed, 21 Feb 2007 21:57:14 +0100 (CET) X-Virus-Scanned: by amavisd-new at studnetz-ul Received: from smtp.studnetz.uni-leipzig.de ([127.0.0.1]) by localhost (smtp.studnetz.uni-leipzig.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kPBqovt1jI6h for ; Wed, 21 Feb 2007 21:57:14 +0100 (CET) Received: from a144026.studnetz.uni-leipzig.de (a144026.studnetz.uni-leipzig.de [139.18.144.26]) by smtp.studnetz.uni-leipzig.de (Postfix) with ESMTP id 9260A1FF for ; Wed, 21 Feb 2007 21:57:14 +0100 (CET) From: Momchil Ivanov To: freebsd-isp@freebsd.org Date: Wed, 21 Feb 2007 21:57:02 +0100 User-Agent: KMail/1.9.4 References: <45DC99F1.3090908@hatvany.com> In-Reply-To: <45DC99F1.3090908@hatvany.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1446406.H8cVSA7rjH"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200702212157.12982.slogster@gmail.com> Subject: Re: Separating users so they do not see each others's directories in FreeBSD X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: slogster@gmail.com List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Feb 2007 21:30:34 -0000 --nextPart1446406.H8cVSA7rjH Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline =D0=9D=D0=B0 21.2.2007 20:13 Charles Hatvany =D0=BF=D0=B8=D1=88=D0=B5: > Hi, > > Sorry to ask such a simple question, but I need to separate several > users, so they cannot even see each other's directories. All will have > significant data on the same server in different directory trees. What > is the easiest way to accomplish this? Jails seem like a lot of work, > but if that is the only way... > > Thanks in advance. > > Charles Hatvany The solution here depends on how to define: "they cannot even see each othe= r's=20 directories". You can use the following scenario: foo/ user1/ ... userN/ You can set foo`s ownership to root:wheel and perms to 711, so that everyon= e=20 can 'cd' to foo/, but only root can see what`s inside. Then set perms 700 f= or=20 every userdir (assuming every userdir is owned by different user). So what= =20 you get is: advantages: 1) every user can use it`s own directory 2) users are not aware of what`s inside foo/ (other users' dirs) disadvantages: 3) one can always open /etc/passwd and see what the other user's home dir = is,=20 though not being able to 'cd' to it or read its content 4) bruteforce is possible for finding out what`s inside foo/ If that`s what you are looking for, go for it. Using jails is also not a ba= d=20 idea, but it depends on what kind of service you will be providing your use= rs=20 with. =2D-=20 This correspondence is strictly confidential. Any screening, filtering and/or production for the purpose of public or otherwise disclosure is forbidden without written permission by the author signed above. If you are not the intended recipient, please immediately notify the sender and permanently delete any copies PGP KeyID: 0x3118168B Keyserver: pgp.mit.edu Key fingerprint BB50 2983 0714 36DC D02E 158A E03D 56DA 3118 168B --nextPart1446406.H8cVSA7rjH Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQBF3LIo4D1W2jEYFosRAoEUAJ4p/rNPpUPWfpLCyiKRB3lyNpe9hwCfSV45 Q4AwXhhkaaY7S4KFsmN0dUw= =fPqy -----END PGP SIGNATURE----- --nextPart1446406.H8cVSA7rjH--