diff --git a/_embed/public/css/styles.css b/_embed/public/css/styles.css
index 0fa6c0cc..c35c1802 100644
--- a/_embed/public/css/styles.css
+++ b/_embed/public/css/styles.css
@@ -1164,7 +1164,7 @@ i.spin {
         color: #212121;
         display: inline-block;
         width: auto;
-        min-width: 0;
+        min-width: 16em;
     }
     header #search i {
         color: #6f6f6f;
diff --git a/_embed/templates/base.tmpl b/_embed/templates/base.tmpl
index 78c9aa10..1d45b405 100644
--- a/_embed/templates/base.tmpl
+++ b/_embed/templates/base.tmpl
@@ -51,7 +51,7 @@
                 {{ if .User.AllowCommands }}
                 <div id="search">
                     <i class="material-icons" title="Storage">storage</i>
-                    <input type="text" placeholder="Execute a command...">
+                    <input type="text" placeholder="Search or execute a command...">
                     <div>
                         <div>Write your git, mercurial or svn command and press enter.</div>
                         <p><i class="material-icons spin">autorenew</i></p>
diff --git a/handlers/search.go b/handlers/search.go
index 13fde593..63a97d25 100644
--- a/handlers/search.go
+++ b/handlers/search.go
@@ -10,6 +10,7 @@ import (
 	"github.com/hacdias/caddy-filemanager/config"
 )
 
+// Search ...
 func Search(w http.ResponseWriter, r *http.Request, c *config.Config, u *config.User) (int, error) {
 	// Upgrades the connection to a websocket and checks for errors.
 	conn, err := upgrader.Upgrade(w, r, nil)
@@ -18,11 +19,14 @@ func Search(w http.ResponseWriter, r *http.Request, c *config.Config, u *config.
 	}
 	defer conn.Close()
 
-	var search string
+	var (
+		search  string
+		message []byte
+	)
 
 	// Starts an infinite loop until a valid command is captured.
 	for {
-		_, message, err := conn.ReadMessage()
+		_, message, err = conn.ReadMessage()
 		if err != nil {
 			return http.StatusInternalServerError, err
 		}
@@ -41,9 +45,11 @@ func Search(w http.ResponseWriter, r *http.Request, c *config.Config, u *config.
 	scope = filepath.Clean(scope)
 
 	err = filepath.Walk(scope, func(path string, f os.FileInfo, err error) error {
-		// TODO: check user permissions?
-
 		if strings.Contains(path, search) {
+			if !u.Allowed(path) {
+				return nil
+			}
+
 			path = strings.TrimPrefix(path, scope)
 			path = strings.Replace(path, "\\", "/", -1)
 			path = strings.TrimPrefix(path, "/")