limiting users to their home directory
Brian McKee
brian.mckee at gmail.com
Tue Dec 23 13:42:37 UTC 2008
On Mon, Dec 22, 2008 at 10:53 PM, Nick Smith <nick.smith79 at gmail.com> wrote:
> I run a small webserver with ubuntu 7.04 and would like to lock each
> user down to be able to see/edit only files in his directory,
> and disable ssh access.
> Seems like that would be a huge security risk to have a user able to
> browse to any directory he wishes and open/download the
> contents.
Can't have your cake and eat it too (so to speak)
He has to be a user to use ssh. A user has to be able to access a
large number of folders outside his home folder or he can't use the
system (like /bin for instance....) Thus, if he has ssh access, he
can read all sorts of folders, because he has to be able to! The Unix
guys got this stuff figured out a long time ago. Now, read only
access isn't that useful - as someone else pointed out it's quite
arguable that there's not much risk there.
If you want to restrict them further, then don't make them a real user
on the system. ssh is out.
Brian
More information about the ubuntu-users
mailing list