Where should I store private/restricted files?

Hi all,

I've created an application that uses an XML file to tailor to user's
settings. The XML file is generated by rails and is unique to each
user. Currently, I'm storing them as public/settings/#{user.login}.xml.
However, these files must be private and only
accessible by those users alone. I'm still new to rails, so the only
real way I know how to authenticate is on controller actions. I've
done some research on this issue, but most of the answers I've found
were pertaining to file uploads.

How should I store these XML files to restrict them from the general
public view?

> However, these files must be private and only
> accessible by those users alone.

Store them anywhere you want, just not inside /public/

For example, store them in #{RAILS_ROOT}/user_xml_files

Then have your app access the file if the user has permission.
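
An added example, not part of the original thread: a plain-Ruby sketch of the advice above, keeping the XML files in a private directory and reading one only for its authenticated owner. The `SettingsStore` class, its method names and the login format are assumptions made for illustration. Because the file name is built from the login, the helper also rejects logins that could point outside the directory.

```ruby
require "pathname"
require "tmpdir"

# Hypothetical helper (not from the thread): resolves a user's settings file
# inside a private directory and returns its contents only to its owner.
class SettingsStore
  class Forbidden < StandardError; end

  LOGIN_FORMAT = /\A[A-Za-z0-9_-]{1,40}\z/ # assumed login format

  def initialize(root)
    @root = Pathname.new(root).realpath
  end

  # Path for a login, refusing anything that could leave the private directory.
  def path_for(login)
    raise Forbidden, "invalid login" unless LOGIN_FORMAT.match?(login.to_s)
    path = @root.join("#{login}.xml")
    raise Forbidden, "outside store" unless path.cleanpath.parent == @root
    path
  end

  def write(login, xml)
    File.write(path_for(login), xml)
  end

  # current_login: the authenticated user; requested_login: whose file is wanted.
  def read(current_login, requested_login)
    raise Forbidden, "not logged in" if current_login.nil?
    raise Forbidden, "not your file" unless current_login == requested_login
    path = path_for(requested_login)
    raise Forbidden, "no settings" unless path.file?
    path.read
  end
end

# Constructed sample data: one settings file, then four access attempts.
def demo
  Dir.mktmpdir("user_xml_files") do |dir|
    store = SettingsStore.new(dir)
    store.write("alice", "<settings theme='dark'/>")
    results = { own: store.read("alice", "alice") }
    [["bob", "alice"], [nil, "alice"], ["../alice", "../alice"]].each do |cur, req|
      begin
        store.read(cur, req)
        results[[cur, req]] = :served
      rescue SettingsStore::Forbidden => e
        results[[cur, req]] = e.message
      end
    end
    results
  end
end
```

In a Rails controller the same check would run in an action behind the login filter, with `send_file` returning the resolved path.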