Finer grained control

There are situations where different classes of user should be limited in different ways. For example, developers working on a site should only be able to see the section they are responsible for, whereas the sysadmins and supervisors need to have a wider view on the server. This can be acomplished either by setting the $HOME of each user to the location on the disk which is most appropriate, or more commonly by using system groups.

Example 9-3. DefaultRoot, modified by system group

# A more complex setup where all users are locked into 
# their home except those in group 'staff' who are 
# locked into /u2/allweb
DefaultRoot ~ !staff
DefaultRoot /u2/allweb staff