Ubuntu – Hide/Don’t list non-readable folders

Tags: directory, permissions, server, ssh

In a multi-user environment, I am using Ubuntu Server 14.04 as a shared drive.

All users connect via SFTP using FileZilla/WinSCP and are chrooted to /home/company-folder/.

Each user also has their own personal folder under /home/company-folder/users/, e.g. /home/company-folder/users/username-1, /home/company-folder/users/username-2 and so on.

Now username-1 can see the other users' personal folders (/home/company-folder/users/username-2, /home/company-folder/users/username-3, etc.); he cannot access other users' folders, but he can see them listed.

The question is: what can I do so users cannot see each other's personal directories under /home/company-folder/users/?
Is there any way in Ubuntu/Linux to hide non-readable folders?

In a system with 100+ users it is not convenient for users to browse through the whole list of user folders to find their personal folder.

Best Answer

In general, no. Only the permissions of the (from your point of view) parent directory determine whether its content can be listed by a particular user. This includes directory entries that this user cannot open/read. The mechanism for SSH/SFTP access is the same as with local tools, since the SSH/SFTP server spawns a subprocess for each session and changes the ownership of the subprocess to the respective user, as soon as they're authenticated successfully.

Consider the following example:

david@localhost:~$ ls -la /home
dr-xr-xr-x  1  root   root    80 Nov 10 09:05 .
drwxr-xr-x 23  root   root  4,0K Dec 17 11:09 ..
drwxr-xr-x  1 guest  guest   836 Sep  4 20:58 guest
drwxr-x---  1 david  users  4,2K Dec 14 22:07 david
drwx------  1  root   root   614 Nov 10 12:42 root

As you can see, I, david, can list the content of /home even though I am not its owner, since everybody can read it (see the permission mask in front of the . entry). I can list the content of /home/guest for the same reason. I can also list the content of /home/david, since I'm its owner and the owner has read permission. However, I cannot list the content of /home/root, since I'm not the owner and nobody but the owner has read permissions on that directory:

david@localhost:~$ ls /home/root
ls: cannot open directory /home/root: Permission denied

If one changed the ownership of /home to remove read permission for non-owners, I could not list the content of /home any longer:

david@localhost:~$ sudo chmod o-r /home
david@localhost:~$ ls -ld /home
drwxr-x--x 2 root root 40 Dez 17 21:17 /home
david@localhost:~$ ls -l /home
ls: cannot open directory /home: Permission denied

I can still traverse /home and read /home/david, though, because the traverse permission (that's the semantic of the “execute” bit on directories) is still set on /home (and /):

david@localhost:~$ ls -l /home/david
total 732K
drwx------  1 david users 4,2K Dec 14 22:07 .
dr-xr-x--x  1 root  root    80 Nov 10 09:05 ..
drwx------  1 david users   60 Aug 24  2014 .adobe
-rw-------  1 david users   83 Dec  6 19:49 .bash_aliases
-rw-------  1 david users   66 May 12  2011 .bash_completion
-rw-------  1 david users  703 Nov 23 05:41 .bash_exports
[etc...]

See Jakuje's answer for a possible alternative approach to your underlying aim.
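The answer above turns on one rule: listing a directory needs the read bit on that directory plus the execute (traverse) bit on every directory above it, while reaching a known name inside it needs only the execute bits. The following is an added example, not code from the question or the answer: a small in-memory simulation of that POSIX check applied to the layout in the question (the group name "sftpusers" and the exact modes are assumptions), which walks through the state as described, the state after `chmod go-r` on the users/ directory, and the over-tightened state after `chmod go-x`. It touches no real filesystem, so it behaves the same whoever runs it (root bypasses these checks on a real system, which is why a test run with sudo would not show the denial).

```python
"""Simulation of the POSIX directory permission check (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class DirEntry:
    owner: str
    group: str
    mode: int  # permission bits only, e.g. 0o755


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset


# Constructed model of the layout in the question; "sftpusers" is a hypothetical group.
# Paths are written as the server sees them: an SFTP chroot changes how a path is
# spelled for the client, not which permission bits the kernel checks.
TREE = {
    "/": DirEntry("root", "root", 0o755),
    "/home": DirEntry("root", "root", 0o755),
    "/home/company-folder": DirEntry("root", "root", 0o755),
    "/home/company-folder/users": DirEntry("root", "sftpusers", 0o755),
    "/home/company-folder/users/username-1": DirEntry("username-1", "sftpusers", 0o700),
    "/home/company-folder/users/username-2": DirEntry("username-2", "sftpusers", 0o700),
    "/home/company-folder/users/username-3": DirEntry("username-3", "sftpusers", 0o700),
}

WHO = {"u": 6, "g": 3, "o": 0}   # bit offset of each rwx triplet in the mode
PERM = {"r": 4, "w": 2, "x": 1}


def rwx_for(entry, user):
    """Select the single rwx triplet that applies: owner first, then group, else other."""
    if user.name == entry.owner:
        return (entry.mode >> 6) & 7
    if entry.group in user.groups:
        return (entry.mode >> 3) & 7
    return entry.mode & 7


def can_read(entry, user):
    return bool(rwx_for(entry, user) & 4)   # r on a directory: read its entry list


def can_traverse(entry, user):
    return bool(rwx_for(entry, user) & 1)   # x on a directory: pass through to a name below


def ancestors(path):
    """Every directory that path resolution walks through before reaching path."""
    parts = [p for p in path.split("/") if p]
    for i in range(len(parts)):
        yield "/" + "/".join(parts[:i])


def can_list(tree, path, user):
    """`ls path`: x on every ancestor and r on path itself."""
    return all(can_traverse(tree[a], user) for a in ancestors(path)) and can_read(tree[path], user)


def can_enter(tree, path, user):
    """`cd path` (or opening a known name inside it): x on every ancestor and on path."""
    return all(can_traverse(tree[a], user) for a in ancestors(path)) and can_traverse(tree[path], user)


def ls(tree, path, user):
    """Names `ls path` would print, or None where the kernel answers 'Permission denied'."""
    if not can_list(tree, path, user):
        return None
    prefix = path.rstrip("/") + "/"
    return sorted(p[len(prefix):] for p in tree
                  if p.startswith(prefix) and "/" not in p[len(prefix):])


def chmod(tree, path, spec):
    """Apply a symbolic mode such as 'o-r' or 'go-x' (a subset of chmod syntax); returns a new tree."""
    op_at = max(spec.rfind("+"), spec.rfind("-"))
    who, op, perms = spec[:op_at] or "ugo", spec[op_at], spec[op_at + 1:]
    mask = 0
    for w in who.replace("a", "ugo"):
        for p in perms:
            mask |= PERM[p] << WHO[w]
    entry = tree[path]
    mode = entry.mode | mask if op == "+" else entry.mode & ~mask
    return {**tree, path: DirEntry(entry.owner, entry.group, mode)}


def demo(user=User("username-1", frozenset({"sftpusers"}))):
    """Three states of users/: as described, after go-r (hides siblings), after go-x (locks everyone out)."""
    users = "/home/company-folder/users"
    own, other = f"{users}/{user.name}", f"{users}/username-2"

    def probe(tree):
        return {
            "listing": ls(tree, users, user),        # what the user sees in users/
            "list_own": can_list(tree, own, user),
            "enter_own": can_enter(tree, own, user),
            "list_other": can_list(tree, other, user),
        }

    hidden = chmod(TREE, users, "go-r")     # drop r, keep x: siblings hidden, own folder reachable by name
    broken = chmod(hidden, users, "go-x")   # dropping x as well cuts off the only path to own folder
    return {"as_described": probe(TREE), "after_go-r": probe(hidden), "after_go-x": probe(broken)}


if __name__ == "__main__":
    for state, result in demo().items():
        print(state, result)
```

Running `demo()` shows the trade-off the answer describes: with `go-r` on users/ the listing becomes "Permission denied" for everyone but root, yet each user can still open or `cd` into their own folder because the execute bit on users/ remains; removing the execute bit too would make the personal folders unreachable. In the SFTP client this means users must type or bookmark their own path rather than pick it from a list.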
