Hello,

Well I am having problems setting user permissions in SSH (I want to only allow each user access to view their own files (and when they use FTP they get lead to their /username/ directory (but for some reason they can browse other peoples account (but fortunently not able to tamper with their files, but still I would rather the extra security.)

So basicaly:

I want to be able to set in their SSH account & their FTP account permission to only access & view their /username/ directory. If they attempt to go up a directory it will deny them access... Does this sound possible, because i've read on some websites and i'm unable to get these permission to work.

Thanks for reading my rant and hope you can help me out...

Thanks.

ok i did this locally but the principle is the same i guess:

example:

chakkerz@laptix chakkerz $ cd /home/zebra
chakkerz@laptix zebra $ ls
hons_2005.rar

fix that:
chakkerz@laptix zebra $ su
Password:
root@laptix zebra # chmod 700 ./
root@laptix zebra # exit

counter example:
chakkerz@laptix zebra $ cd ~
chakkerz@laptix chakkerz $ cd /home/zebra
bash: cd: /home/zebra: Permission denied
chakkerz@laptix chakkerz $

OK I actually did make two changes in that - i removed execute and read capabilities from other users in the same group and other users in general:

the first digit in the chmod assigns the owners priviledge -> 7 gives read write execute (executing a directory means the ability to change).
restricting it for other users of the same group, or other users generally to 0 (ie no read, no write and no execute) means they can't change into that directory

If you did :
chakkerz@laptix zebra $ su
Password:
root@laptix zebra # chmod 711 /home/zebra
root@laptix zebra # exit
chakkerz@laptix zebra $ cd ~
chakkerz@laptix chakkerz $ cd /home/zebra
chakkerz@laptix zebra $ ls
ls: .: Permission denied

they can change to the directory, but not read the contents
(a 722 doesn't really give listing capabilities because they still can't look in there)

so to get the restrictions you request either a 711 (with appropriate file restrictions inside the directory (they can't get a listing but read individula files)), or a 700 which is more secure in terms of not seeing data.

woops, I made a mistake...I somehow did a chmod now no users can access their account, they can't even get in their account AT all...

I can't even su username (as root)

what do I do?


thanks.

edit:
chmod ###'s don't seem to have an affect? I think I got chmod -R working....but i don't no - so confused...


login as: nickname
nickname@domain.com's password:
Could not chdir to home directory /home/nickname: Permission denied
-bash: /home/nickname/.bash_profile: Permission denied
-bash-2.05b$


edit: fixed

check out the chroot option. i've read up on it and it allows users to be caged in their home directories.

chroot might take more work than expected to get it to work correctly.

When you're logged in as root, what does say?