A question can only have one accepted answer. Are you sure you want to replace the current answer with this one?
You previously marked this answer as accepted. Are you sure you want to unaccept it?
Write for DigitalOcean
You get paid, we donate to tech non-profits.
Find and meet other developers in your city.
Contribute to Open Source
How to make sftp user not have access to hidden files?
Add comments here to get more clarity or context around a question. To answer a question, use the “Answer” field below.
Hidden files don’t have special permissions, use chmod/chown just like any regular file or dir.
You can type !ref in this text area to quickly search our full set of tutorials, documentation &
marketplace offerings and insert the link!
I know how to chroot (jail) a user to a folder, but now i need a user to be able to upload and edit but not download files (is this possible). I guess it does not make any sense right. Ha ha ha.
I have two users who are only ftp users I set them up using [this guide ](https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-for-a-user-s-directory-on-ubuntu-16-04)
I would like to change their default permissions when creating files to 775 instead of 755.
It seems like what I want is umask.
But umask doesn't have an option to set for another user, only the logged in user (`umask 002`) and these users do not have ssh login, only ftp access.
So I need some way of changing the umask of these users as root or sudo.
There appears to be ~.profile but I changed the settings in here and it didn't make a difference
Can anyone explain where I can change the umask for these users?
Building out a platform that has a number of systems that will each need authentication. Some of these systems are public facing websites that will be used by the public and other systems are internal use only. Started to build out an OpenLDAP instance to support this, but then wondered if I should be doing more regarding public external users and trusted internal users. Could set this up with a ldap domain and then separate children, one for external and one for internal, but that seems like a potential security risk. Do people typically run two ldap servers and use a cron to sync the intranet ldap users to the dmz ldap or is there a best practice for this?
Hello Digital Ocean Community -
I have done the following:
root@www:~# sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub
root@www:~# grub-install /dev/vda
Is this SAFE for security bug if I do this before the patch?
Anyone know how I can fix this issue? Thank you in advance for any help!