This might not seem as a development question, but in essence it is. Let me explain how. Our main development focus is dynamic content pages. Some of our customers have asked us to allow them space in our servers (which they pay) for their old static content. We use to accomplish this by giving the customer a ftp account to a different domain. (e.g. Customer domain is customer.com but they were accessing their static content through otherdomain.com/customerstatic).
Now we want to increase the security giving customers sftp accounts in their linux servers. I am using openssh/sftp-server in their shell environment so they are unable to log in or execute commands.
The problem is that by nature many file system files are by default (drwxr-xr-x) which means that any user will be able to read the content of the directory and possibly some files. I don't think that changing the whole file system to -rwxr-x--x is a wise move since I don't know how many system files will need that read permission.
Have someone confronted this issue in the past. If you have, could you enlighten the way?
Thanks