In another aspect of the present invention a method is provided for enforcing computer-based file system security, the method including receiving a request associated with a user to access a directory in a file system, and providing the user with access to the directory only if the directory is associated with a file which the user has permission to read.