User can see other users folders when they don't have permissions?


I've just setup a website for my friend on my Linux box and am using his usernames home folder to host the website files "jamesp". I've also got a couple of other users on the box, listed below.

I've also registered a rsa key pair and set him up SFTP access and set this up with Filezilla so he can access his area to upload files.

Trouble is, is when I connect in Filezilla I can see both the other two users home area. As you can see in the permissions snippet, the "jamesp" user doesn't have user or group access to the other folder so how can he see them?

What user can see in Filezilla

drwxr-xr-x  5 jamesp  www-data 4096 Dec 15 11:02 jamesp
drwxr-xr-x  4 johnasp johnasp  4096 Nov 25 05:52 johnasp
drwxr-xr-x  4 wp-user wp-user  4096 Sep 29 08:49 wp-user


Posted 2015-12-18T18:43:51.767

Reputation: 11

2I can clearly see read access - r - for everyone on all those directories. – Oleg V. Volkov – 2015-12-18T18:48:41.947

1And the "x" = execute, to search/navigate into directories if I'm not mistaken – Xen2050 – 2015-12-18T20:02:39.590



drwxr-xr-x  5 jamesp  www-data 4096 Dec 15 11:02 jamesp
drwxr-xr-x  4 johnasp johnasp  4096 Nov 25 05:52 johnasp
drwxr-xr-x  4 wp-user wp-user  4096 Sep 29 08:49 wp-user

According to the permissions shown here "all users" have both Read and eXecute permissions on all those folders.

The permission in the command line is displayed as: _rwxrwxrwx

User rights/Permissions

  1. The first character (that is marked with an underscore) is the special permission flag that can vary.
  2. The following set of three characters (rwx) is for the owner permissions.
  3. The second set of three characters (rwx) is for the Group permissions.
  4. The third set of three characters (rwx) is for the All Users permissions.

Above blurb and more info available at Understanding Linux File Permissions.


Posted 2015-12-18T18:43:51.767

Reputation: 103 763

Ah right, I understand now. I did wonder what group of user the last three characters related to. Thanks for that. – JohnAsp – 2015-12-19T10:02:59.000


  1. Directories can be "seen" even if someone doesn't have permissions to read or write unless if you put them inside another directory which they can't read.

  2. The directories can be read and changed to by all users. If you wish for each user to be restricted to reading only their directories, simply run chmod 750 * (assuming that each directory in the current directory is to be restricted). 750 means that the user can do anything, the group can read and execute, and anyone else can't do anything.


Posted 2015-12-18T18:43:51.767

Reputation: 420

OK, so the last three characters represent "all other users", I get that bit now, which I didn't before. So what user group would a person who was browsing the web site pages come under? "All users" I'd guess. So if I chmod 750 that top level folder recursively, does that mean that they won't be able to see the website at all though? – JohnAsp – 2015-12-19T10:02:39.890

"Seeing" the website is different than "seeing" the directory. Seeing the website depends on the permissions you give the group/user which runs the web server software (i.e. the group www-data probably is the web server's group). The web server reads the files and provides the website over the internet. – p1xel – 2015-12-19T22:57:11.600