On Wednesday 12 December 2007, Dirk Heinrichs wrote:
> On Wednesday, 12 December 2007, Grant wrote:
> > I've noticed when adding this kind of a user in the past they are able to
> > look at files all around the system that I'd prefer they can't.
>
> Why? System directories look nearly the same on any Linux system, so it
> doesn't really make sense to restrict read access to them. For other,
> private directories you could take away permissions for "others" (i.e.
> chmod 750 mydir) and in addition _don't_ put that user in the users group,
> or use ACLs for more fine grained access control (see man getfacl, man
> setfacl).

Only to add to the above that as an alternative to having a users group for all your users you can instead create a <user_name> group for each user_name. This way you isolate your users from each other as long as the user_name:users ownerships become user_name:user_name.

--
Regards,
Mick
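
The two exposures discussed in this thread (a directory open to "others", and a directory readable through a group that every user belongs to) can be checked with a short script. This is an added example, not part of the original messages; the function name `check_private_dir` is hypothetical, and it assumes GNU `stat` and that the shared group is called `users` unless another name is passed.

```shell
#!/bin/sh
# Added example: audit one directory for the exposures named in the thread.
# Usage: check_private_dir DIR [SHARED_GROUP]   (SHARED_GROUP defaults to "users")
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 on bad input.
check_private_dir() {
    dir=$1
    shared=${2:-users}
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory" >&2
        return 2
    fi
    # GNU stat: %a = octal mode, %U = owner name, %G = group name
    set -- $(stat -c '%a %U %G' "$dir")
    mode=$1; owner=$2; group=$3
    other_bits=$((mode % 10))        # last octal digit: permissions for "others"
    group_bits=$((mode / 10 % 10))   # middle digit: permissions for the group
    findings=0
    if [ "$other_bits" -ne 0 ]; then
        echo "$dir: mode $mode grants access to others; fix: chmod o-rwx"
        findings=1
    fi
    # chmod 750 alone does not isolate users if the group is one they all share.
    if [ "$group" = "$shared" ] && [ "$group_bits" -ne 0 ]; then
        echo "$dir: group '$group' is shared by all users; fix: chgrp to a per-user group for $owner, or chmod g-rwx"
        findings=1
    fi
    return $findings
}
```

Run it over each home or private directory, for example `check_private_dir /home/mick`, and treat a non-zero return as a directory that other local users can still reach.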