/home/ privacy
Posted by Weedy, 04-14-2009, 09:19 AM How do I keep users from spying on each others files? If I chmod -x /home/ all kinds of crap breaks. Would setting 660 along with setfacl u:apache:rwx work?
Posted by ServerManagement, 04-14-2009, 10:44 AM Do you mean for users in ssh or in scripts?
Posted by Weedy, 04-14-2009, 11:22 AM ssh/shell (granted it will apply to script because of suexec)
Posted by ITSVPS, 04-20-2009, 11:20 PM You can set permissions like 700 to the directory, that way no one other than the owner herself can enter her home directory. Alternatively, you can 770, and create 1 group for each user since each user may have multiple accounts. That way they can access their other accounts from their home directory but not other users'.
Posted by Weedy, 04-21-2009, 02:33 AM thats the obvious thing but then apache is locked out.
Posted by larry2148, 04-21-2009, 02:57 AM I can't look it up now, but I remember being able to setup users to not be able to get out of their own home dir(not like a normal jail shell) by placing a '.' in front of the home directory path in the /etc/passwd file. Then again this may only be for SFTP as that's what we were working on at the time but just something for you to do a little research on.
Posted by ITSVPS, 04-21-2009, 07:34 AM also consider giving apache only read/write/exec inside the directory which hosts their public_html files, and not directly to their home dir.