From: "Keith Palmer"
To: freebsd-questions@freebsd.org
Date: Wed, 11 Feb 2009 11:22:17 -0500 (EST)
Message-ID: <53134.12.68.55.226.1234369337.squirrel@www.academickeys.com>
Subject: Restricting users to their own home directories / not letting users view other users files...?

OK, I'm sure this question has been asked a million times, but I haven't been able to find a straight answer that actually solves the problem, so here goes.

We have a FreeBSD server with multiple users. I would rather each user *not* be able to view other users' files via an SSH or SFTP session. i.e. if I'm logged in as "keith" I should *not* get a list of files when I do "ls /home/shannon".

I realize I can fix this by setting the permissions on the "/home/shannon" directory to 700. *However* then Apache (running as user "www") won't display the documents in "/home/shannon/public_html" from "http://ip-address/~shannon/", instead returning a "403 Forbidden" error.

Sooo... how can I set this up so that users can't view other users' files, but Apache still works?

I would prefer *not* to use jails, as it sounds like a lot of overhead and complicated to set up... is there another way?

I've looked at rbash, but it looks like it disables a whole bunch of other stuff. My users still need a usable SSH shell. I've looked at rssh and scponly, but they seem to disallow SSH shell access completely.

Thanks in advance!

--
- Keith Palmer
Keith@AcademicKeys.com
http://www.AcademicKeys.com/
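
The permission problem described in the message above, as an added example that is not part of the original post: it reads the "other" mode bits that decide what a non-owner such as "keith" or Apache's "www" user can do with a home directory. It assumes plain POSIX modes (no ACLs or MAC policy) and a constructed directory tree; the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify non-owner access to a directory from its mode bits.
# Assumption: plain POSIX modes only (no ACLs, no MAC policy).

# other_access DIR -> prints list | traverse | names | none
other_access() {
    # Characters 8-10 of the ls mode string are the "other" triplet.
    bits=$(ls -ld "$1" | cut -c8-10)
    case "$bits" in
        r?[xt]) echo list ;;      # r+x: can list names and enter
        -?[xt]) echo traverse ;;  # x only: can reach known names, cannot list
        r??)    echo names ;;     # r only: can read names, cannot enter
        *)      echo none ;;      # neither: no access at all
    esac
}

# userdir_status HOME -> prints served | 403
# A web server running as "other" needs the x bit on HOME and on
# HOME/public_html (read bits on the documents are not checked here).
userdir_status() {
    for d in "$1" "$1/public_html"; do
        case $(other_access "$d") in
            list|traverse) ;;
            *) echo 403; return ;;
        esac
    done
    echo served
}

# Constructed sample tree standing in for /home/shannon.
demo() {
    root=$(mktemp -d "${TMPDIR:-/tmp}/homeperm.XXXXXX") || return 1
    mkdir -p "$root/home/shannon/public_html"
    chmod 755 "$root/home/shannon/public_html"
    for mode in 755 700 711; do
        chmod "$mode" "$root/home/shannon"
        echo "mode=$mode other-user=$(other_access "$root/home/shannon")" \
             "web=$(userdir_status "$root/home/shannon")"
    done
    rm -rf "$root"
}
demo
```

Traverse-only access hides names, not contents: a file under the home directory that is itself world-readable can still be opened by anyone who knows or guesses its path.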