LinuxQuestions.org
Old 05-28-2010, 02:23 AM   #1
dor
LQ Newbie
 
Registered: Feb 2010
Posts: 26

Rep: Reputation: 0
A secured multi user environment


I wish to set up a secured multi-user environment. That means that users shouldn't be able to see other users' files/directories (task #1) nor spy on their communication (task #2).

Limiting users to their home directories (task #1) should be done simply by chmod'ding each user's home directory:
$ sudo chmod 0700 /home/username
A permanent chmod solution would be to set the DIR_MODE variable (in /etc/adduser.conf) to 0700.

BUT, users sometimes wish to share files, so we'll create only one user account for that, with the following permissions on his /home directory: 0755 (to share files with ALL users, not only with the user's group)

Preventing users from spying on others' communication (task #2) is pretty simple: as long as there's a single user connected, he couldn't spy on another user's communication because the other user is disconnected...

---------

Am I right?
Would you advise adding an additional level of security?
What would you recommend doing about task #2 when multiple users are connected (e.g. Web hosting service)?

I appreciate your help.

p.s. using Ubuntu 10.4
 
Old 05-29-2010, 12:26 AM   #2
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1297
Hello,

Have a look at setfacl, it adds an additional level of permission granting/denying without the need to create additional groups or specific users. It's pretty powerful once you get the hang of it.

This site also has some good tips on user security (starting point 6).

And of course the best reference can be found here on LQ.

Kind regards,

Eric
 
Old 05-30-2010, 08:09 AM   #3
dor
LQ Newbie
 
Registered: Feb 2010
Posts: 26

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by EricTRA View Post
Hello,

Have a look at setfacl, it adds an additional level of permission granting/denying without the need to create additional groups or specific users. It's pretty powerful once you get the hang of it.

This site also has some good tips on user security (starting point 6).

And of course the best reference can be found here on LQ.

Kind regards,

Eric
Thanks for your reply, Eric.

All the reading material that you supplied is helpful indeed, though I'm looking for a confident solution to this prominent situation.
I'm sure that many Linux users would be happy to read a popular & tried solution. Thus the question.

Best regards,
Dor
 
Old 05-30-2010, 08:16 AM   #4
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1297
Hello,

The level of security you're inquiring about already exists in a basic Linux environment. Users are not allowed to view/edit another user's documents, as far as I know. There is no need to create an extra user to allow a 'group' of users to access certain documents. You can do that perfectly with 'setfacl' (give one specific user or group access to your documents). Have you read about setfacl yet?

Or am I misunderstanding you?

Kind regards,

Eric
 
Old 05-30-2010, 09:00 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3599
Quote:
Originally Posted by dor View Post
I wish to set up a secured multi-user environment.
Can I ask why? What Real Life threats must you defend against?


Quote:
Originally Posted by dor View Post
(..) users shouldn't be able to see other users' files/directories (task #1) nor spy on their communication (task #2).
As EricTRA already replied, basic DAC rights keep unprivileged users from reading files they do not have rights to. Likewise, unprivileged users' homes in /home should by default be set to have octal 0700 access rights at creation time, and users should have their umask set to 0027 through /etc/profile(.d/*).


Quote:
Originally Posted by dor View Post
BUT, users sometimes wish to share files, so we'll create only one user account for that, with the following permissions on his /home directory: 0755 (to share files with ALL users, not only with the user's group)
That should be either ( users added to a common group; chgrp the directory and directory octal mode 1770 ) or using setfacl as EricTRA already replied. Before you turn down ACLs (acl.bestbits.ac) do know they have been around for a long time and examples at http://www.suse.de/~agruen/acl/linux-acls/online/ should help you achieve what you need quickly. (There's even a GUI ACL editor called "Eiciel".)


Quote:
Originally Posted by dor View Post
Preventing users from spying on others' communication (task #2) is pretty simple: as long as there's a single user connected, he couldn't spy on another user's communication because the other user is disconnected...
That kind of goes against your wish for having a "secured multi-user environment" ;-p It also shows why I asked you for reasons because for instance an out-of-the-box basic GNU/Linux installation, or a SELinux-enabled targeted policy-running one, will allow any user to for instance list processes, network connections and open files. Applying more invasive measures, like running a GRSecurity-enabled kernel, can compartmentalize process space. The cost of running a GRSecurity-enabled kernel will only be high if your distribution does not provide GRSecurity-enabled kernels by default. What you want can be done without RBAC rules.


Quote:
Originally Posted by dor View Post
Would you advise adding an additional level of security?
I would advise you to be verbose not about what you want but about what you really need. If you don't know what you need then start by drafting a list of services you offer, who you offer it to and what must be expected from you.
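
Added example (editorial, not part of any post in this thread): a shell sketch of the file-permission measures discussed above, covering an audit for home directories looser than 0700, the chgrp + mode 1770 shared directory, and the effect of umask 0027. The function names are hypothetical, GNU `stat` is assumed, and the demo works only on constructed temporary directories.

```shell
#!/bin/sh
# Added example; helper names are hypothetical. Assumes GNU stat (Linux).

# List directories directly under $1 that grant any access to group or
# other, i.e. anything looser than 0700. Output: "<octal mode> <path>".
audit_homes() (
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        mode=$(stat -c '%a' "$dir")      # e.g. 700, 755, 1770
        case "$mode" in
            *00) ;;                      # group and other digits are both 0
            *)   printf '%s %s\n' "$mode" "${dir%/}" ;;
        esac
    done
)

# Tighten one home directory to owner-only access (task #1 in the first post).
lock_home() {
    chmod 0700 "$1"
}

# Directory shared by one group only: chgrp it, then mode 1770
# (rwx for owner and group, nothing for other, sticky bit set).
make_shared_dir() {
    mkdir -p "$1" && chgrp "$2" "$1" && chmod 1770 "$1"
}

# Octal mode a newly created file receives under a given umask.
new_file_mode() (
    d=$(mktemp -d)
    umask "$1"
    : > "$d/f"
    stat -c '%a' "$d/f"
    rm -rf "$d"
)

# Demo on constructed directories, never on the real /home.
demo() (
    root=$(mktemp -d)
    mkdir -m 0755 "$root/alice"
    mkdir -m 0700 "$root/bob"
    echo "before:";     audit_homes "$root"   # reports alice only
    lock_home "$root/alice"
    echo "after:";      audit_homes "$root"   # reports nothing
    echo "umask 0027:"; new_file_mode 0027    # new files are not world-readable
    rm -rf "$root"
)
demo
```

On a real system `make_shared_dir` would be run as root with the common group's name; the audit will also list such a shared directory, since it is group-accessible by design.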
 
  

