I was curious if it was possible to set up certain user permissions so they could not browse anywhere besides their home folder. If there is how do you do this or could point me in the right direction to find the answer?

If this is not possible what is the best way to secure the system without having to change up permissions of everything.

Thanks for the help in advance

Keyword would be.. chroot

A chroot would render the system useless for a user since you can't access anything outside of the jail. So then you will have to copy all the libs and binaries and config files into the jail which beats the purpose...

What you want certainly isn't easy to achive and it requires a LOT of configuration. Have a look at http://acl.bestbits.at/ and decide if that's what you need. It could also be achived with SELinux but that's probably even harder to set up.

I am assuming at this point in the game I would like to go with chroot. I am looking at only restricting certain users to their home folders so they cant browse around my system. I am relatively new to linux and do not feel comfortable messing around with permissions on all of the system files since I am not completely sure how they interact and what attributes are needed for each.


I just want to restrict certain users to their home folders.

I have looked at a few pages about the chroot command but I am still a little unsure of the syntax of the statements and how to enter them.

lets just say I have a user named user1. If I wanted to lock him to the home directory what would I do?


What would the syntax of the command be?? Could someone please help?

I would really like to try to tinker with these commands but I have a feeling that I would somehow lock myself out of my system and have to reformat again

Thanks in advance

I've used a package called jailkit which makes setting up a chroot jail fairly simple. Note that I said fairly -- it's a pretty advanced topic (but by no means impossible). Generally, the out of the box permissions on most distros are enough to keep users from doing major damage. You could also look into assigning them the restricted version of the bash shell (rbash, see the bash man page for more details).