wiki:faq/files/privacy-standard-servers

Version 3 (modified by Jamie McClelland, 12 years ago) (diff)

--

How do I share and restrict access to my files?

If you have ever used ssh or sftp to login to a May First/People Link server, you've probably noticed that you can explore the entire server's directory structure. You can go all the way to the top of the filesystem hierarchy (know as the root directory), explore the server configuration directory (/etc) and even traverse the directories of other members (/home/members). At first glance, it may even appear that you can view every file and directory on the entire server.

In practice, however, you will find that certain files and directories are restricted. For example, /etc/shadow, which contains user passwords is restricted. So is every member's mail directory. You'll also find that the settings.php file containing the database username and password for Drupal installations is only read-able by the owner of that web site.

This page attempts to give an overview of how file sharing and permissions work on our standard servers to help members make smart decisions on how they want to share and restrict access to their files. There are a number of discussions proposing changes to our system (see below for links to those tickets).

General policy

The general policy is: open first, close second. In other words, rather than restrict users from reading all files and directories and then selectively opening the ones they are allowed to have access, we open access to everything, and then selectively restrict access to the files and directories they should not have access to. This approach is based on good security: by focusing on the few places that really need to be restricted we can more effectively maintain security than by attempting to secure much more than is necessary. It's also based on a principle of collaboration: we want our members to share with each other, to see who is on their server, and to have the opportunity to explore how our servers are configured and setup.

The details

When it comes to privacy, there are several areas of the file system to consider:

  • Server/system files. Nearly all files that are not in the /home/members directory are server/system related files. Members cannot write to any of these files, however, members can read almost all of them. There are only a handful of files and directories that contain security related information that are restricted.
  • Member directories and sites directories. Each members has a directory in /home/members. All members can read and explore these directories. In each member directory, there are one more more site directories. For example:
    • /home/members/mayfirst/sites/mayfirst.org
    • /home/members/mayfirst/sites/members.mayfirst.org

Typically, each site directory has the following sub directories: logs, include, web, and users. Let's consider each one separately:

  • logs - the logs directory contains the web logs for the member's web site. It is not writable, not even by the member who owns the sites. It is only readable by users created by the member who owns the site.
  • include and web - these directories, by default, are readable by everyone. They can only be written to by users created by the member who owns site.
  • users - the users directory is the most complex. It contains a subdirectory for every user created by the member who owns the site (these are referred to as home directories). It is readable by everyone, meaning everyone can see a directory listing of the users. For users who were created prior to mid August 2008, the home directories in the users directory are also readable by everyone. In mid August 2008, we changed that policy so that home directories, by default, are only readable by the owner of the home directory. Home directories are only writable by the owner of the home directory.