How to hide someone else's directories from a user?


Solution 1

If you use chmod to set only the x bit for group and other on /home, this disallows reading /home (ls will fail on /home), but the x bit allows traversal to known sub-directories.

Also set no access for group and other on the sub-directories in /home, i.e. the user directories.

If you are the user root, the commands would be:

chmod go=x /home 
chmod go-rwx /home/user[123]

Then user2 will only be able to see the files in user2's home directory, and ls on /home, /home/user1 and /home/user3 will fail: ls: cannot open directory 'directory-name': Permission denied
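
A way to check that a tree actually has the modes Solution 1 sets, as an added example that is not part of the original answer. It assumes GNU `stat -c`; `audit_home_tree`, `demo` and the temporary tree are constructed for illustration, and only mode bits are inspected.

```shell
#!/bin/sh
# Added example (not from the original answer): audit a /home-style tree for
# the modes Solution 1 sets. Assumes GNU stat ("stat -c"); the function names
# and the temporary tree are constructed for illustration.

# Print one line per finding under base dir $1; succeed only if there are none.
# On a real /home that is already go=x, run this as root so the glob can list it.
audit_home_tree() (
    base=$1
    bad=0
    mode=$(stat -c '%a' "$base") || exit 2
    # Parent: group/other must have no read or write bit (go=x gives 711).
    if [ $(( 0$mode & 066 )) -ne 0 ]; then
        echo "$base: mode $mode lets group/other list or modify it"
        bad=1
    fi
    for d in "$base"/*/; do
        # Skip non-directories and symlinks (stat would report the link's mode).
        [ -d "$d" ] && [ ! -L "${d%/}" ] || continue
        mode=$(stat -c '%a' "$d") || exit 2
        # Home directories: no group/other bits at all (go-rwx gives 700).
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "${d%/}: mode $mode grants group/other access"
            bad=1
        fi
    done
    [ "$bad" -eq 0 ]
)

# Constructed demo: build a throwaway tree, audit it, apply the answer's two
# chmod commands, audit again. Succeeds if it went from "findings" to "clean".
demo() (
    tmp=$(mktemp -d) || exit 2
    trap 'rm -rf "$tmp"' EXIT
    mkdir -p "$tmp/home/user1" "$tmp/home/user2" "$tmp/home/user3"
    chmod 755 "$tmp/home" "$tmp/home"/user[123]
    audit_home_tree "$tmp/home" && exit 1      # expected: findings
    chmod go=x "$tmp/home"
    chmod go-rwx "$tmp/home"/user[123]
    audit_home_tree "$tmp/home"                # expected: clean
)

demo && echo "tree is locked down as in Solution 1"
```

The audit flags a home directory created later with a default mode such as 755, which the one-time chmod commands do not cover.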

Solution 2

It depends on the system that you use.

There are many MAC (Mandatory Access Control) implementations.

FreeBSD is famous for its MAC (see the handbook).

Look at OpenBSD's systrace; its wrapper around the shell gives you total control over what a user can or cannot do and see.

Linux rejoices in a large number of such systems. Look at SELinux, AppArmor, see also the Grsecurity patch...

The easiest and most popular way is to put the user into a chroot (Linux), LXC container (Linux), jail (FreeBSD), and many more...


Author: Anthony

Updated on September 18, 2022

Comments

  • Anthony
    Anthony almost 2 years

    I have several folders:

    /home/user1/ -u user1 -G user1
    /home/user2/ -u user2 -G user2
    /home/user3/ -u user3 -G user3
    

    I created three users user1, user2, user3. Each user has their own group. Any user can see other account folder for a while but cannot open it.

    After user2 logged in using ssh they shouldn't see any folders down to its folder /home/user2/. They should see only folders in /home/user2/.

    How to set these permissions?

  • user
    user almost 11 years
    This way, the users won't be able to list directories in /home (which requires read permission on /home, which you're revoking assuming sane ownership), but it won't prevent them from knowing about those directories because all users' home directories are likely named in /etc/passwd, which is world readable.
  • peterph
    peterph almost 11 years
    @MichaelKjörling Yes, but there is no good way around that, apart from making /etc/passwd unreadable for users. The OP requested the directories "not to be seen", which this accomplishes.
  • user
    user almost 11 years
    @peterph True, but I still think it's an important caveat. Whether or not it is important depends on the exact use case.
  • peterph
    peterph almost 11 years
    @MichaelKjörling sure - actually the requirement is quite strange - there are lots of ways to get names (and the likely location of their home directories) of at least some users on a system.
  • Crimbo
    Crimbo about 3 years
    chmod go-rwx /home/* worked in my case. You might have to use sudo for permission to run the command.