Prevent access to files of other users

Question

In my server (cpanel) I see now that with a simple DIR script (PHP) I can list files of all users over public_html

/home/[user]/public_html/

How can I prevent users from accessing the files of other users?

score 2 · Answer 1 · answered Feb 18 '10 at 08:34

Your best bet, guessing that all users have different user id's, is to have their homes set to 0711 that is, readable, writable and executable to them, and only executable to others.

For a directory, the executable bit means that you can go in it but you can't list the content, which is what you're looking for.

score 0 · Answer 2 · edited Nov 29 '21 at 12:47

0

When you create a user, create a group also with the same name

eg:

groupadd mike
useradd -g mike mike

and change group of all folders owned by user 'mike' to group 'mike'

chgrp -R mike /home/mike/

chmod 770 to all folders and chmod 640 to all files

and make all user's umask value to 0[2|7]7 in /etc/bashrc, which will help to make these settings persistent for user accounts which will be created in future

edited Nov 29 '21 at 12:47

Muhammad Dyas Yaskur

517
2
22

answered Feb 18 '10 at 12:07

As it seems to be a `public_html` problem, I think the web server will need to access the files, setting the homes to 770 will not allow that unless the group of the home directory is the same as the web server, and in that case, all users with web server privileges will be able to look into the files. – mat Feb 18 '10 at 13:17

Prevent access to files of other users

2 Answers2