With CloakFS, users can't see each other or see/access other users' files and processes.
CloakFS is kernel-based instead of PAM-based, which has important advantages:
- More user-friendly
- No more PAM configuration, copying files, or preparing special file systems to hide files
- Automatic blocking of all external methods for listing users' home directories. (No more need to address each method individually at higher levels) Other users' files are invisible even if accessed via these methods:
- Apache/LiteSpeed (suexec, suPHP, mod_fcgid, mod_fastcgi)
- Symlinks and hard links
- A wide array of other protocols. No more chasing down new or changed protocols.
Very shortly, CloakFS will also hide /etc/passwd/, named.conf, and system log files. It will also hide root processes from users and block programs with the suid flag set.
Add to Favourites
Print this Article