I have a standard (non-admin) user on my machine, and in that user's "sites" folder are several files I wish to make publicly accessible. Fine, no problem there (turn on Personal Web Sharing, done).
Now, I also want this user to be able to securely upload files remotely via SSH (SFTP) to his "sites" folder as well. OK. I've enabled Remote Access (port 22). Now, this user can log in (using his own
non-administrator username/password) via an application like Transport, and upload files to his account's "sites" folder.
Great. EXCEPT - he can still navigate to my (the administrator) folder and the root folders of the HD. WTF?
And the files there are fully modifiable.
Is something set up incorrectly? File permissions, I presume. What can I do to prevent what is essentially Root access to my whole machine from this non-administrator user?
Top
