Date: Fri, 26 Jun 1998 23:02:17 -0400 (EDT) From: CyberPeasant <djv@bedford.net> To: keith@blueberry.co.uk (Keith Jones) Cc: andre@pipeline.ch, questions@FreeBSD.ORG Subject: Re: Homedir 'hiding' Message-ID: <199806270302.XAA04089@lucy.bedford.net> In-Reply-To: <19980626154806.00479@blueberry.co.uk> from Keith Jones at "Jun 26, 98 03:48:06 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Keith Jones wrote: > On Fri, Jun 26, 1998 at 03:37:46PM +0200, IBS / Andre Oppermann wrote: > > > We give our customers at the moment only chrooted ftp access (ftpd > > with internal LS) to their www-homedirs. Some users however ask for > > telnet access. > > > > The problem we have is that if someone logs in that person can see > > all homedirectories of other customers. The user with telnet access > > has an own group but can still see the other homedirs but not enter > > them (no permission of course). > > > > My question is now: what can I do that the telnet users cant see > > the other homedirs (don't tell me 'rm -R *' ;-)). > > > > PS: I have tried to set the permissions to drwx------ but it is > > still visible with ls. > > It depends on how your partitions are set up. /home is usually, but not > always, a symlink to /usr/home. If this is so, use > > chmod 511 /usr/home > > If this is not so - for instance, if the /home tree is on its own partition - > then you need to > > chmod 511 /home > > N.B. Some shells may complain about this. tcsh, for instance, will generate > the following error on invocation: > > tcsh: Permission denied > tcsh: Trying to start from "/home/<user>" > > [tcsh will still work, but the error is a bit annoying.] > It's not clear what Andre is trying to hide. If it's simply the names of other user's homedirs, nothing that is done to /home/* will prevent a telnet user from simply doing cat /etc/passwd and recovering the information about users that is there -- including home directory names. Dave -- http://www.microsoft.com/security: `Microsoft Windows NT Server is the most secure network operating system available.' Don Quixote: `You are mistaken, Sancho.' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806270302.XAA04089>