limiting users to their home directory
Bart Silverstrim
bsilver at chrononomicon.com
Tue Dec 23 13:54:37 UTC 2008
Brian McKee wrote:
> On Mon, Dec 22, 2008 at 10:53 PM, Nick Smith <nick.smith79 at gmail.com> wrote:
>> I run a small webserver with ubuntu 7.04 and would like to lock each
>> user down to be able to see/edit only files in his directory,
>> and disable ssh access.
>
>> Seems like that would be a huge security risk to have a user able to
>> browse to any directory he wishes and open/download the
>> contents.
>
> Can't have your cake and eat it too (so to speak)
>
> He has to be a user to use ssh. A user has to be able to access a
> large number of folders outside his home folder or he can't use the
> system (like /bin for instance....) Thus, if he has ssh access, he
> can read all sorts of folders, because he has to be able to! The Unix
> guys got this stuff figured out a long time ago. Now, read only
> access isn't that useful - as someone else pointed out it's quite
> arguable that there's not much risk there.
Just as a side note, the OP might be thinking of security as in other
users and documents, not necessarily system security. While read-only
access to the system's binaries isn't necessarily bad (well,
read/execute) the ability to read a spreadsheet from Payroll or HR memos
may be considered a Bad Thing(tm)
:-)
Just a consideration, that's all. I haven't followed the thread.
More information about the ubuntu-users
mailing list