|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] ssh key based authentication
|
> Directory .ssh should be 700, and 600 on the authorized_keys files.
A 711 $HOME might be a good idea too (in general). You can always
create subdirs in your $HOME as 755 which you can put things which you
explicitly want others to see. Or 777 if you want them to be able to
put stuff there too - even 733 if you want them to be able to put
stuff there w/o seeing what's otherwise there (a black-boxed dropoff
directory).
It's easy enough to play with / confirm all this, make a toy account,
set its $HOME as 711, then mkdir test as 755 and touch a file in it.
(mkdir test, chmod 755 test, touch test/foo).
Then from another account, you should _not_ be able to ls the $HOME of
the toy account (ls /home/toy should get an error), but you should be
able to see into the test directory (ls -l /home/toy/test/foo).
Regards,
Kyle
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|