Securing sshd

[ihth]

I have sshd setup on my server and I have run into a small dillema. I have apache virtual hosts setup for the various domains. Each domain has it's own home directory and a user of the same name as the directory. If 2 users, for example x and y both had their files which they wanted to keep private, my server fails badly. Write access is disabled on eachothers dirs, but they can still read eachothers files with nano.

I tried chowning the dirs to the relevant users and chmoding them to 0700. This works perfectly for ssh, but apache then gives the access forbidden message.

Anyone got any ideas as to how I can still give apache access to the files and still give the relevant owners access to their home dir, but without giving other ssh users access.

Any help would be appreciated.

~ihth~

[Roxoff]

Make sure that the apache user (apache, or httpd or whoever it is on your system) is listed in the /etc/group file as a member of each users groups, and make sure that different users are not listed in each others groups. Then you can restrict access for non-group members (i.e. exclude other users) but allow group access (including apache in this case) to read the files, e.g.

Code:

drwxr-x---   fred     fred    4096   ....  fred

and in /etc/group:

Code:

fred:x:500:apache