
This is a discussion on Users being able to view above /home directory using WinSCP in the VPS & Dedicated forum

  1. #1
    JPC Member
    Join Date
    May 2008
    Posts
    4

    Users being able to view above /home directory using WinSCP

    Hello Guys

    I'm currently a VPS customer of JaguarPC and I had this problem before that was solved by one of JaguarPC support staff. I am asking this because I want to learn how to secure it. Sorry if this question of mine has been answered somewhere in this forum.

    I don't know if I'm explaining this properly but I'll try my best anyways.

    Users are able to see above their own directory (/home/user) and view all the server folders and files such as etc/ var/ root/ using WinSCP

    Can somebody please teach me what to do and how to prevent this... thank you

  2. #2
    Yeah, I know a LOT! Vin DSL's Avatar
    Join Date
    Mar 2003
    Location
    Arizona Uplands
    Posts
    10,748
    I don't know if there's any way to stop them...

    This behavior is in accordance with the original product design.
    DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.

    No Guts, No Story! VinDSL © 2010

  3. #3
    JPC Member
    Join Date
    May 2008
    Posts
    4
    Quote: Originally Posted by Vin DSL
    I don't know if there's any way to stop them...

    This behavior is in accordance with the original product design.
    As I said, JaguarPC's Technical Support already did it on my server... they already fixed it... it's just that I wanna know how they fixed it... I didn't wanna ask them because I'm afraid they won't tell me how they secured it...

  4. #4
    Ron
    Now with 46.3% more slack
    Join Date
    Aug 2002
    Posts
    7,014
    With FTP maybe, but maybe not with a shell access proggie.

    I don't know for sure though, so my answer is worthless to you.
    Good luck

  5. #5
    the Windlord Gwaihir's Avatar
    Join Date
    Jun 2002
    Posts
    2,545
    Is it a problem? Aside from their own, they can only see (and touch) folders and files that are world readable. Their access permissions are applied.
    Regards,

    Wim Heemskerk
    ---
    Visit MeCCG.net - Cardgaming in J.R.R. Tolkien's Middle-earth
    And Gwaihir.net - The Middle-earth CCG store
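Added example, not part of the original thread or any poster's code: a Python sketch of the point made in post #5, listing what a user in the "other" permission class can read or write under a tree. It only inspects mode bits (ACLs and owner/group membership are ignored), and the sample layout and function names are constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed sample layout: path -> mode (a trailing "/" marks a directory).
SAMPLE = {
    "etc/": 0o755, "etc/passwd": 0o644, "etc/shadow": 0o600,
    "root/": 0o700, "root/notes.txt": 0o644,
    "home/": 0o711, "home/alice/": 0o711,
    "home/alice/index.html": 0o644, "home/alice/.my.cnf": 0o600,
}

def build_sample(base):
    """Create the constructed tree under base, then apply the modes."""
    os.chmod(base, 0o755)
    for rel in SAMPLE:
        path = os.path.join(base, rel)
        os.makedirs(path if rel.endswith("/") else os.path.dirname(path), exist_ok=True)
        if not rel.endswith("/"):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
    for rel, mode in SAMPLE.items():
        os.chmod(os.path.join(base, rel), mode)

def audit_other_access(root):
    """List what the "other" permission class can read or write under root."""
    found = {"readable": [], "writable": []}
    def visit(path, rel):
        mode = os.lstat(path).st_mode
        is_dir = stat.S_ISDIR(mode)
        if not (is_dir or stat.S_ISREG(mode)):
            return  # symlinks and special files are out of scope here
        if is_dir and not mode & stat.S_IXOTH:
            return  # no o+x: nothing below this directory is reachable
        label = rel + "/" if is_dir else rel
        if mode & stat.S_IROTH:
            found["readable"].append(label)
        if mode & stat.S_IWOTH:
            found["writable"].append(label)
        if is_dir:
            # o+x without o+r hides the listing, not the files themselves
            for name in sorted(os.listdir(path)):
                visit(os.path.join(path, name), name if rel == "." else rel + "/" + name)
    visit(root, ".")
    return found

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample(base)
        print(audit_other_access(base))
```

In the sample, `root/notes.txt` is mode 0644 but never appears, because its parent directory grants no traverse bit to "other"; `home/alice/index.html` does appear even though neither `home/` nor `home/alice/` can be listed.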

  6. #6
    Community Leader jason's Avatar
    Join Date
    Sep 2001
    Location
    Rochester, NY
    Posts
    5,985
    What you are reporting is the normal way a server works. If you are running cPanel and set your users up to use JailShell then they'll be in a chrooted environment where they'll only be able to see files that concern them--take a look at /etc/passwd, the only accounts you'll see listed when using JailShell are the service accounts (apache, mysql, shutdown, etc.) and the user's own account, not any other actual users. Other things that can be seen include some config files and the various binary (/bin, /usr/bin, /usr/local/bin, etc.) and library directories, all of which are vital to being able to do anything in the shell environment.

    I don't use cPanel, so I don't know how it implements things, but most systems implement a directory structure somewhere (often /chroot) which contains hard links to those resources that should be available to the chrooted user. When the user logs in, his root is changed to this directory, which enables him to only see what you want him to see. Support probably just removed some of the links from this location but, again, I'm not a cPanel expert so I can't say for sure.

    You can read a good deal about chroot and how it works here: http://en.wikipedia.org/wiki/Chroot

    Hope this helps.

    --Jason
    Jason Pitoniak
    Interbrite Communications
    www.interbrite.com www.kodiakskorner.com

  7. #7
    the Windlord Gwaihir's Avatar
    Join Date
    Jun 2002
    Posts
    2,545
    Quote: Originally Posted by jason
    things that can be seen include some config files and the various binary (/bin, /usr/bin, /usr/local/bin, etc.) and library directories, all of which are vital to being able to do anything in the shell environment.

    [..]

    which enables him to only see what you want him to see.
    The point being: you probably WANT your user to see those things. It is not a security risk, but part of what makes shell access useful.
    Regards,

    Wim Heemskerk
    ---
    Visit MeCCG.net - Cardgaming in J.R.R. Tolkien's Middle-earth
    And Gwaihir.net - The Middle-earth CCG store
