possible to stop other users from looking at files of other home directories?

Question

i have to enable apache website access using suphp and enable ssh as well. i have enabled cagefs but i am not able to chroot each user into their own directories. I want that no user leaves his home directory to see files of other users.

When is set directory permissions of /home/user1 to 700, i get error that apache cannot read the .htaccess file inside the website. it only works with permission 755 (other users having read permission). is there any way out with using suphp? that i can use permissions 700 for all home directory users? or may be 750 ?

I dunno if it can help you, but here yuo can find a nice article on Chroot Jail : http://www.cyberciti.biz/tips/howto-linux-unix-rssh-chroot-jail-setup.html — Froggiz, Nov 03 '16 at 21:27

score 1 · Accepted Answer · answered Nov 03 '16 at 17:06

1

You can add an extended acl to all the home directories:

setfacl -m u:apache:rx <user's home>

If needed you can add the same acl again, just include the .htaccess file. That way you can maintain the POSIX permissions of 700.

answered Nov 03 '16 at 17:06

Brett Levene

776
6
9

setfacl: /home/user2: Operation not supported :( – Farhan Nov 03 '16 at 17:11
You may need to install the package first, although it is a little strange it's not there. – Brett Levene Nov 03 '16 at 17:18
...or if you're using Ubuntu you might have to amend your fstab to allow acls. – Brett Levene Nov 03 '16 at 17:23

possible to stop other users from looking at files of other home directories?

1 Answers1