Securing Home Directories (Allow Apache, disallow other users)

I run a small server for myself and friends, nothing super mission critical, so I want to allow friends shell access. The only problem is that nobody can always be trusted (I realize the paradox, let's just assume that I have to allow shell because God made it so, or something).

Basically, as far as I understand, Apache is running as 'nobody', and nothing else really needs to read off the /home/*/public_html/ or anything else that isn't that particular user.

So, what do I need to do in order to put Apache in a group with the users so that I can disallow the "other" people from even viewing the directory? In essence, I don't want someone to SSH in and be able to go to /home/brett and look at a PHP conf that has mysql user/pass, etc, etc.

Do I need to worry about anything else other than Apache? That's all my server really is... web, dns, ftp...

(I don't want to use restricted bash, I'm pretty sure you can't even cd in that, can you?)

Thanks in advance for any advice/help.
Brett
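
The permission layout the question asks about, as an added example that is not part of the original post: an audit that lists home directories still open to "other", and a function that hands a home to a shared group and closes it. The group is an assumption (one that contains the Apache user and the home's owner), the function names are made up for the example, and `chgrp` only succeeds for root or for an owner who is a member of that group.

```shell
#!/bin/sh
# Added example: audit and tighten home directories so that only the owner
# and one shared group (assumed to contain the Apache user) can get in.

# Print the "other" permission triplet of a path, e.g. "r-x" or "---".
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# List every home under ROOT whose top directory or public_html grants
# anything to "other". One path per line.
audit_homes() {
    root=$1
    for home in "$root"/*/; do
        [ -d "$home" ] || continue
        home=${home%/}
        for path in "$home" "$home/public_html"; do
            [ -e "$path" ] || continue
            case $(other_bits "$path") in
                *[rwxt]*) echo "$path" ;;
            esac
        done
    done
}

# Hand HOME to GROUP and drop all access for "other".
#   home:        710  group may traverse (needed to reach public_html), not list
#   public_html: 750  group may read and traverse
#   files below: 640  group may read, e.g. a PHP config holding DB credentials
lock_home() {
    home=$1 group=$2
    chgrp "$group" "$home"
    chmod 710 "$home"
    if [ -d "$home/public_html" ]; then
        chgrp -R "$group" "$home/public_html"
        find "$home/public_html" -type d -exec chmod 750 {} +
        find "$home/public_html" -type f -exec chmod 640 {} +
    fi
}
```

Code that Apache itself executes on a user's behalf (PHP as a module, for example) runs as the Apache user and can still read every file that group can, so this layout stops browsing from a shell but not reads made through the web server.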