Users can reach other users home folders

[d_rylndr]

Any user can reach everything on the b3-server, including other users home-folders.

How can I set rights so users can only reach their own home folders + storage/SHARES?

As admin (or any other user) I can't set permission on home folders through web-interface, option is greyed out. Permission change on /storage/SHARES does work.
Do I have to ssh into b3 and set permissions on each home folder manually?
There is no difference if user reach b3 through samba, web-interface or FTP.

[RandomUsername]

Have you set up all the users through the web interface? I'm not sure that should happen.

[d_rylndr]

Yes, I have.
No, I agree, I think it should not happen.

[DanielM]

This is the default behaviour. That's why every users home directory contains a "private" folder. In that folder only the user is able to read. What you can do about this is running something like

Code: Select all

chmod -R og-rwx /home/username

(meaning recursively change so that group and others can't read, write or execute anything).

I'm not 100% sure this doesn't give any side effects though...

/Daniel

[Binkem]

I would in my opinion be better if you could create different groups of users: users with broad access (all folders (except for 'private') and users who can only access the storage and their own folder.

[DanielM]

I would in my opinion be better if you could create different groups of users: users with broad access (all folders (except for 'private') and users who can only access the storage and their own folder.

Well, you can. But not through gui. Might be a good thing for Excito to put in there though. Send them a suggestion

/Daniel

[d_rylndr]

I agree! The restricted group shouldn't even be able to see which other users there are on the server.

How can I create ftp-accounts with only access to home folder (and NOT to storage)?

[DanielM]

I agree! The restricted group shouldn't even be able to see which other users there are on the server.

How can I create ftp-accounts with only access to home folder (and NOT to storage)?

Well, today storage is world readable, so you'd have to do something like

Code: Select all

chmod -R o-rwx /home/storage

...and then remove the restricted users from the "users" group by editing /etc/group. I'm not sure about the effects of this either though...

/Daniel

[peter]

This is an 'old' problem, see my post below
http://forum.excito.net/viewtopic.php?t=1280

I asked excito to change this.
Now I manually change some files after every update.
Since the updates are very small this is not a big job but it is very inconvenient.