Kyle R. Burton on 2 May 2008 13:21:52 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] ssh key based authentication

>  Directory .ssh should be 700, and 600 on the authorized_keys files.

A 711 $HOME might be a good idea too (in general).  You can always
create subdirs in your $HOME as 755 which you can put things which you
explicitly want others to see.  Or 777 if you want them to be able to
put stuff there too - even 733 if you want them to be able to put
stuff there w/o seeing what's otherwise there (a black-boxed dropoff

It's easy enough to play with / confirm all this, make a toy account,
set its $HOME as 711, then mkdir test as 755 and touch a file in it.
(mkdir test, chmod 755 test, touch test/foo).

Then from another account, you should _not_ be able to ls the $HOME of
the toy account (ls /home/toy should get an error), but you should be
able to see into the test directory (ls -l /home/toy/test/foo).


Philadelphia Linux Users Group         --
Announcements -
General Discussion  --