LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 08-22-2006, 09:30 AM   #1
wilberto83cg
LQ Newbie
 
Registered: Jul 2006
Distribution: FC3,FC5, Solaris8,9, SUSE 10.1
Posts: 12

Rep: Reputation: 0
Make home directory private to other users


Hello:

I want to make other users home directory invisible, so when someone log on the machine they just see their home directory.
 
Old 08-22-2006, 09:40 AM   #2
homey
Senior Member
 
Registered: Oct 2003
Posts: 3,057

Rep: Reputation: 56
I don't know about invisible but, I make it locked so nobody can see what's inside.
For example:
Code:
chmod 750 /home/fred  ## this makes the users folder forbidden to others.
 
Old 08-22-2006, 09:42 AM   #3
lordtweety
Member
 
Registered: Mar 2004
Location: Sydney
Distribution: Yoper 3.0
Posts: 87

Rep: Reputation: 15
Try this at a console:

Code:
$ su
(here enter you root password)
# chmod 700 /home/(user)
Not 100% sure if I remeber this correctly but that should make the directory only visible by the owner of that directory.
 
Old 08-22-2006, 09:43 AM   #4
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374
Hi,

@Homey: Shouldn't that be 700 instead of 750?

If fred's group is users and druuna's group is users I will be able to see/browse fred's homedir if it is 750. If it is 700 I won't be able to go/browse fred's homedir.
 
Old 08-22-2006, 10:27 AM   #5
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 331Reputation: 331Reputation: 331Reputation: 331
Your users need execute permission on the /home directory to see through that and into their own login directory. Try this:

Code:
root> ls -ld /home
drwxr-xr-x  12 root root 1024 Aug 13 14:47 /home
root> chmod -c o=x /home
mode of `/home' changed to 0751 (rwxr-x--x)
root>

$ cd
$ pwd
/home/user01
$ ls ..
/bin/ls: ..: Permission denied
$ ls
Desktop  tmp
$

Notice that the /home directory is owned by root:root. This then requires that the 'other' group be able to see through the /home directory. All of the end user accounts fall into this category. So in my example the normal user account named 'user01' can see his own directory, as demonstrated by the second 'ls' command, but cannot see the contents of the /home directory, as demonstrated by the first ls command.

You could also take a slightly more elaborate course by having a group for each user account. Thus, the user account named user01 would have a corresponding group named user01. The user01 account belongs to the user01 group. All user accounts still belong to the users group. Then you can have the /home directory owned by root:users with the permission 710. This would give the users group permission to see into the /home directory but accounts like the nobody account could not see into the /home directory. This is more secure. This is the way that I set up my systems. You would execute the following commands to implement this scheme.

Code:
root> chgrp users /home
root> chmod -c g=x,o-rwx /home
mode of `/home' changed to 0710 (rwx--x---)
root> ls -ld /home
drwx--x---  12 root users 1024 Aug 13 14:47 /home
root>
Then you make your user home directories owned by the user account and its corresponding group account. Here is an example.

Code:
root> ls -l /home
drwx------  29 user01    user01    2048 Aug 21 15:16 user01
drwx------  38 user02    user02    3072 Aug 22 08:13 user02
drwx------  21 user03    user03    1024 Aug 18 07:18 user03
root>
Lastly, you could use access control lists (ACLs). Avoid this. ACLs are useful for making very fine tuned access control in complicated file access environments. Usually you can accomplish what you need to accomplish by using the normal Unix style file permissions and user groups.

Last edited by stress_junkie; 08-22-2006 at 10:39 AM.
 
  


Reply

Tags
access control list, acl, file permission


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Adding users with no home directory keysorsoze Linux - Newbie 2 04-02-2006 09:52 PM
Users can only see home directory bluenix Linux - General 20 03-12-2005 08:51 AM
Users home directory. Permissions. jsbush Linux - Newbie 4 10-29-2003 08:13 AM
multi users on the same home directory rpinatel Linux - General 4 09-05-2003 10:22 AM
2 users, 1 mailbox and 1 home directory keevitaja Linux - Newbie 3 08-15-2002 08:20 PM


All times are GMT -5. The time now is 06:11 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration