How do I set up Enhanced User Security? - Gregg Hosting

The affects of Web Hosts on Your Business Website

Here're ways your choice of web hosting service provider impacts the performance of your business:


check

Website loading speed

check

Uptime and availability

check

Customer support

check

Security

check

Server location

How do I set up Enhanced User Security?

How do I set up Enhanced User Security?

Overview

Other users won’t be able to access your home directory if you activate the Enhanced User Security setting. This option is enabled by default for all newly created users.

To prevent other users from accessing your data, GreggHost strongly advises that you maintain this security setting activated.

Enabled

By default, Enhanced User Security is enabled, which changes the group to ‘adm’ and sets the user’s home directory permissions to ‘710’:

user1 adm 4096 drwx—x—- 18 drwx—x—- drwx—x—- drwx— 12th of January, 14:05 user1
The following are the results:

When the option is disabled, the user and their scripts have the same access to the home directory.
Your home directory is no longer accessible to other GreggHost users. No matter how loose the permissions are set, they won’t be able to access your home directory, subdirectories, or files.
Because the Apache user belongs to the ‘adm’ group, he or she still has access to the home directory.

Disabled

When this setting is disabled manually, the user’s home directory permissions are set to ‘751,’ with the group set to the user’s account group shown as

The following are the results:

User scripts (such as PHP) that run as the user have complete read/write access to their own home directory.
Other users on the same account have full read/write access to the home directory, with the exception of being unable to modify, delete, or create files or directories. They can, however, do these operations in subdirectories with group +w permissions (e.g., users with rwxrwx—x rights).
Your home directory is accessible to other GreggHost users on a limited basis. They can’t access the home directory’s filename list, and they can’t modify, delete, or create files or directories. They can, however, read any other file or directory listing accessible to the web server if they know or can guess the path and filename. They can also read and perhaps write to any file or directory with loose permissions; for example, users with ‘755’ (rwxr-xr-x) or ‘777’ (rwxr-xr-x) or ‘777’ (rwxr-xr-x) or ‘777’ (rwxr-xr-x) or ‘777’ (rwxr-xr-x) (rwxrwxrwx).