Folks - I’ve signed up for a Webfaction shared hosting account. When I FTP in I can navigate to the “home” directory. In “home” I can see all the other users on the machine (it’s a shared drive). Whilst I can’t get access to each user’s folder, I’ve never seen this before on any shared host. What concerns me is that the name of your individual home directory is also your username, so in essence I can see all the other usernames on the machine I’m on. Is this normal or does it raise any security flags?
Doesn’t sound normal to me. Your root directory (‘home’) should be the highest level you can reach. Did you ask your host about it?
Yes they said that this is “standard practice” and is how the operating system (Redhat) works… That was via text chat, so I’m not sure how technical they get on the other end…
I’m not an expert, just a user, so let’s see what others have to say. But it doesn’t sound very “standard” to me.
Your FTP account should be more limited than that, you shouldn’t be able to navigate beyond your home on a shared server - maybe report this to your host as a security risk? See what they say?
I don’t think they see it as a security risk.
Depends, personally… being able to see other users on a shared server I would call a risk myself.
They probably don’t and technically, it isn’t one. I recall that PairNetworks, an otherwise highly regarded host, got similar complaints from some of its customers some years ago. Their typical response was that security by obscurity is not real security, and that their servers were secure.
If we consider cPanel as “standard”, then seeing all the other users’ home directories is not “standard”. Webfaction I’m sure has a proprietary control panel though, so by definition they’re not “standard”, and I doubt they have the inclination to become that.
They’re not a new host, nor a small host, so we can suppose that their security has been tested over time by eager hackers.