How to hide someone else's directories from a user?
Solution 1
If you use chmod to set only the x bit for group and other on /home - This disallows reading /home (ls will fail on /home), but the x bit allows traversal to known sub-directories.
And also set no access for group and other on sub-directories in /home, i.e. the user directories.
If you are the user root, the commands would be:
chmod go=x /home
chmod go-rwx /home/user[123]
Then user2 will only be able to see the files in user2's home directory, and ls on /home, /home/user1 and /home/user3 will fail:
ls: cannot open directory 'directory-name': Permission denied
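One way to check that the two chmod commands from Solution 1 took effect, as an added example that is not part of the original answer: a shell function that audits a base directory and its sub-directories against that scheme. It assumes GNU stat (`stat -c`); the function name `audit_homes` and its messages are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answer): audit a home base directory
# against the scheme in Solution 1. Assumes GNU stat (stat -c '%a').

# audit_homes BASE
#   BASE itself        : group/other may hold at most the x bit (go=x)
#   BASE/<each subdir> : group/other must hold no bits at all (go-rwx)
# Prints one line per violation; returns 0 if clean, 1 if any, 2 on error.
audit_homes() {
    ah_base=$1
    ah_bad=0

    ah_mode=$(stat -c '%a' "$ah_base") || return 2
    # 066 masks the read and write bits of group and other.
    if [ $(( 0$ah_mode & 066 )) -ne 0 ]; then
        echo "$ah_base: mode $ah_mode lets group/other list or modify it"
        ah_bad=1
    fi

    for ah_dir in "$ah_base"/*; do
        # Skip non-directories and symlinks (stat would report the link itself).
        [ -d "$ah_dir" ] || continue
        [ -L "$ah_dir" ] && continue
        ah_mode=$(stat -c '%a' "$ah_dir") || return 2
        # 077 masks every group and other bit.
        if [ $(( 0$ah_mode & 077 )) -ne 0 ]; then
            echo "$ah_dir: mode $ah_mode grants access to group/other"
            ah_bad=1
        fi
    done
    return "$ah_bad"
}

# Run against a directory given on the command line, e.g.: sh audit.sh /home
if [ "$#" -ge 1 ]; then audit_homes "$1"; fi
```

Run it as root, since listing the sub-directories of /home requires read permission on /home once `go=x` is applied.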
Solution 2
It depends on the system that you use.
There are many MAC implementations, Mandatory Access Control.
FreeBSD is famous for its MAC (see handbook).
Look at OpenBSD's systrace; its wrapper around the shell gives you total control over what a user can or cannot do and see.
Linux rejoices in a large number of such systems. Look at SELinux, AppArmor, see also Grsecurity patch...
The easiest and most popular way is to put the user into a chroot (Linux), lxc-container (Linux), jail (FreeBSD), and many more...
Anthony
Updated on September 18, 2022
Comments
-
Anthony almost 2 years
I have several folders:
/home/user1/ -u user1 -G user1
/home/user2/ -u user2 -G user2
/home/user3/ -u user3 -G user3
I created three users user1, user2, user3. Each user has their own group. Any user can see another account's folder for a while but cannot open it.
After user2 logged in using ssh they shouldn't see any folders down to its folder /home/user2/. They should see only folders in /home/user2/. How to set these permissions?
-
user almost 11 years
This way, the users won't be able to list directories in /home (which requires read permission on /home, which you're revoking assuming sane ownership), but it won't prevent them from knowing about those directories because all users' home directories are likely named in /etc/passwd, which is world readable.
-
peterph almost 11 years
@MichaelKjörling Yes, but there is no good way around that, apart from making /etc/passwd unreadable for users. The OP requested the directories "not to be seen", which this accomplishes.
-
user almost 11 years
@peterph True, but I still think it's an important caveat. Whether or not it is important depends on the exact use case.
-
peterph almost 11 years
@MichaelKjörling sure - actually the requirement is quite strange - there are lots of ways to get names (and the likely location of their home directories) of at least some users on a system.
-
Crimbo about 3 years
chmod go-rwx /home/* worked in my case. You might have to use sudo for permission to run the command.