- Telling Your Server How To Share with Other Macs
- Now That the Server's Ready to Share, Create Some Share Points
- Three Share Points that Apple Assumes You Need (But You Probably Don't)
- Making Share Points Behave
- Automounting Share Points: It's About More than Just Connecting Them
- Giving Permissions to Share Points and Files Within Them
- When Owner, Group, and Everyone Aren't Enough: Access Control Lists
- There's No Place Like Home, Even If It's a Home Directory Nowhere Near Kansas
- Configuring Home Directories
- Using Quotas to Keep Users From Storing Too Much Stuff
- When Do You Actually Build Home for Your Users?
- Securing Home Directory Access
- Making Users Feel More At Home By Altering the Home Directory Template
- Saying Goodbye to Users and Deleting Their Home Directories
Securing Home Directory Access
By default, users have read access to the root level of other users’ home directories. There are two ways to secure home directories from such access. The first is to modify the permissions on the home directory template (which is the basis of all user home directories) so that individual folders within each newly created home directory allow only the owner of the home directory access to those subfolders. This approach works well if you are making other modifications to the template or want users to have read access to only specific parts of each other’s home directories.
The second (more secure) approach is to change the permissions on all home directories after they are created. This approach involves some work as root in the terminal and can be performed on a share point–by–share point basis, meaning that you can secure some home directories and not others. This is particularly useful in a school situation, in which you want to secure faculty and staff directories from students, but not vice versa. Run the following commands as the root user (or after using the su command) while at or just above the root level of the share point containing the home directories that you want to secure. Change directoryname to match the name of the folder where your home directories reside.
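    chmod -R 700 /directoryname    # owner-only access on the share point and everything in it
    chmod 755 /directoryname       # reopen the share point itself so users can reach their own homes
    cd directoryname
    chmod 666 .DS_Store            # Finder metadata file: read/write for everyone
    chmod 333 Shared               # drop box: write and traverse, but no listing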
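To confirm that a share point ended up in the state those commands produce, the following check can be run afterwards. It is an added example, not part of the original text; the function names are hypothetical, and it only reads the classic owner/group/everyone bits (ACL entries are not evaluated).

```shell
#!/bin/sh
# Added example: verify the end state of the chmod sequence above.
# Usage (as root): audit_share /directoryname

# Print the nine owner/group/everyone permission characters of a path.
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# expect_mode PATH WANT: report a finding and return 1 if the mode differs.
expect_mode() {
    got=$(mode_of "$1")
    if [ "$got" != "$2" ]; then
        printf 'MISMATCH %s has %s, expected %s\n' "$1" "$got" "$2"
        return 1
    fi
}

# audit_share ROOT: returns 0 only when
#   ROOT itself is 755 (users can reach their own home),
#   every home directory directly under ROOT is 700 (owner only),
#   ROOT/Shared is 333 (drop box).
audit_share() {
    root=$1
    status=0
    expect_mode "$root" rwxr-xr-x || status=1
    for entry in "$root"/*; do
        # Only real directories count as homes; skip files and symlinks.
        if [ ! -d "$entry" ] || [ -L "$entry" ]; then
            continue
        fi
        if [ "${entry##*/}" = "Shared" ]; then
            expect_mode "$entry" -wx-wx-wx || status=1
        else
            expect_mode "$entry" rwx------ || status=1
        fi
    done
    return "$status"
}
```

A non-zero return with one MISMATCH line per directory shows which homes were created or changed after the permissions were last tightened.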