Home / server / Questions / 161506
Accepted
Dr Hydralisk
Asked: 2010-07-19 00:10:14 +0800 CST

Is it safe to give each client a home directory?

  • 772

I am creating a small game server hosting company (just to help me learn Python, Django, and server administration) and thought that when the user signs up it will create a home directory for them so that instead of having game servers somewhere else it will be easier to manage if each person gets there own home directory to put the server files in (they get an actual Debian account that is the same as there username on the website). Is this a good idea and are there any security risks and how can I mitigate them if there are any?

linux security

1 Answers

  1. Best Answer

    Whether or not to use "home" directories sounds like more of a design decision than necessarily just security. But wherever your store user-created files:

    • Use a dedicated partition. You do not want a user being able to halt logging and other system level stuff that needs root. This also makes upgrades and migrations way easier. If you're paranoid, then put them on dedicated hard drive(s).
    • Qoutas. Likewise, you don't want one user to bogart all the space and ruin everyone else's fun. Setup reasonable soft and hard quotas to prevent this.
    • Noexec. Mount the partition with noexec and nosetuid so that users can't upload and execute anything nasty (as easily). You likely want to do this with /tmp and other places your server writes files out to as well.
    • Backups. These are likely the most important files on your server, as you could rebuild the rest. Treat them as such.
    • Permissions. Make sure the default umask is what you want it.
    • public_html. Unless it's what you want to offer, check that the web server isn't configured to serve up user webpages.
    • 3