home directory policy
Stephen Cope
mail at unsolicited.kimihia.org.nz
Sat Mar 9 15:41:27 PST 2002
oscar wrote:
> i want to set for every regular user in the system (redhat 6.2) that nobody
> can go outside its home directory from a ssh session and they cannot use
> "cd" or "ls" to see other directories rather than its home directory.
It's all about the directory mode ...
0700 = tightest. Only the owner of the directory (and root) can see in
the directory or do anything to files below this directory, even if they
have more relaxed permissions
0711 = slightely easier, but if a sub directory (eg, public_html/) needs
to be accessed (and has more lax permissions) then it can be used in a
path
0755 = loose - anyone can see what files are in the directory
0777 = YOU DO NOT DO THAT!
So to give you the answer in a jar ...
# chmod 0711 /home
(they will not be able to see who else has a home directory)
# chmod 0711 ~user
(make user's home directory only viewable to the user)
This is somewhat similiar to the "Mandrake 7.1 (server) with extra
security" default permissions.
--
Stephen Cope - http://sdc.org.nz/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 250 bytes
Desc: not available
Url : http://www.kernel-panic.org/pipermail/kplug-list/attachments/20020310/e200e3e6/attachment-0001.pgp
More information about the KPLUG-List
mailing list