Ubuntu – How to keep users out of system files

Tags: permissions, sudo, users

I'm trying to build a system that will be as idiot proof as possible. This will include keeping regular users out of system files to prevent them from rendering the system inoperable. And hopefully also keep them from reading or accessing files I don't want them to read or access.

I've read that without sudo privileges, users are mostly limited to their home directories for writing and deleting. Would that be enough to protect the operating system?

Also, is there a way to mostly limit users to their home directory for the file browser? (I know users still need to access the bin and other directories to run other programs, and I'll be disabling terminal for normal users as well)

Best Answer

Without sudo, users are limited to only having access to the /home directory in general, and then without permissions being modified for other users' home folders, they can only access their own home folder. So, as far as I know, what you're describing is largely the default behavior for non-sudo users.

That said, I think that any user can read many files in the system without sudo, but one really can't do anything without write permission anyhow, so I would consider that a moot point.
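The answer's point, that a non-sudo user can read a lot of the system but can only write inside a home directory that may itself be readable by other users, is easy to check from the mode bits. The script below is an added example, not code from the question or the answer: it inspects the "other" permission triplet of a path with plain `ls -ld`, flags world-writable and world-readable entries, and tightens a home directory to `750` so other regular users cannot enter it. It runs on a constructed temporary tree rather than a real `/home`, so the path names are assumptions; mode bits are inspected instead of `test -w` because the latter only reports what the invoking user (possibly root) can do.

```shell
#!/bin/sh
# Added example (not from the original post): audit the "other" permission
# bits of paths and restrict a home directory so other non-sudo users cannot
# read it. POSIX sh, ls and chmod only; all paths below are constructed.

# Print the three "other" permission characters of PATH (e.g. "r-x", "---").
# `ls -ld` prints a mode column like "drwxr-x---"; the "other" bits are
# characters 8 to 10, unaffected by a trailing "+" or "." from ACL/SELinux.
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# Return 0 when any user on the machine can write PATH, 1 otherwise.
# World-writable entries outside $HOME are what lets a regular user break
# something without sudo.
is_world_writable() {
    case "$(other_bits "$1")" in
        ?w?) return 0 ;;
        *)   return 1 ;;
    esac
}

# Return 0 when other users can read PATH, 1 otherwise.
is_world_readable() {
    case "$(other_bits "$1")" in
        r??) return 0 ;;
        *)   return 1 ;;
    esac
}

# Restrict a home directory to its owner and the owner's group (mode 750),
# so another regular user cannot list or read what is inside it.
harden_home() {
    chmod 750 "$1"
}

# Print one status line per path.
audit_paths() {
    for p in "$@"; do
        if is_world_writable "$p"; then
            printf '%s: WORLD-WRITABLE (other=%s)\n' "$p" "$(other_bits "$p")"
        elif is_world_readable "$p"; then
            printf '%s: world-readable (other=%s)\n' "$p" "$(other_bits "$p")"
        else
            printf '%s: private to owner/group\n' "$p"
        fi
    done
}

# Demo on a constructed tree in a temporary directory so it runs anywhere.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/home/alice" "$tmp/home/bob"
    chmod 755 "$tmp/home/alice"              # readable by every user
    chmod 750 "$tmp/home/bob"                # already private
    printf 'secret\n' > "$tmp/home/alice/notes.txt"
    chmod 666 "$tmp/home/alice/notes.txt"    # accidentally world-writable
    echo "before hardening:"
    audit_paths "$tmp/home/alice" "$tmp/home/bob" "$tmp/home/alice/notes.txt"
    harden_home "$tmp/home/alice"
    echo "after harden_home:"
    audit_paths "$tmp/home/alice"
    rm -rf "$tmp"
}

demo
```

Run as `sh audit_perms.sh`; to audit a real system instead of the demo tree, call `audit_paths` on the directories of interest, for example `audit_paths /home/*`, and apply `harden_home` only to directories whose owner you have checked.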
