web_user see's all the files on the server

Discussion in 'Installation/Configuration' started by THE_AI, Jan 20, 2008.

  1. THE_AI

    THE_AI New Member

    Hello!
    I'm having the following problem.
    If I create a user for my web site, then this user has a full access though sftp to the www, home and the root directories on the server.
    That look as a huge problem for me. Why should it be allowed to a user to look all directories? It is true, that you cannot delete something that is not in your folder, but I can download all the files and look them. Not exactly all files, but the most of them. There are some files that I can not read or download with chmod 701 or so.

    What should I do to secure my server? I want that all the files on the server are visible only to the admin, and that a user doesn't see more, than his own files.
     
  2. enetco

    enetco New Member

    Last edited: Jan 20, 2008
  3. THE_AI

    THE_AI New Member

    Well, we use Debion64 etch.

    Thank you for the help!
     
  4. falko

    falko Super Moderator ISPConfig Developer

Share This Page