Ubuntu – How to prevent users accessing anything but their own home directory

permissions, users

How can I prevent users accessing anything but their own home directory?

For example, I have an NTFS partition mounted under /media/ntfs, so if the user logs in through ssh he can reach this partition. How can I prevent the users from cd-ing out of their home directory?

Best Answer

Reassess your requirement first. What is the problem you are trying to solve? Why do you want to prevent users from leaving their home directory? Isn't it rather that you don't want them to rummage through specific other directories -- such as the home directories of other users?

It is very difficult to prevent users from leaving their home directory. It is actually a bit silly, too (explanation follows). It is much simpler to prevent users from entering directories you don't want them to enter.

First off, yes, you can give users a so-called restricted shell, see man rbash. This will prevent them from cd-ing elsewhere, but only inside that shell. If the user starts vi or nano (or any other program capable of opening a file) they can again open files anywhere on the system. As a matter of fact, a restricted shell does not prevent e.g. cat /etc/passwd.

The next step up is a root jail. More info on the community wiki and in this question. Though a root jail will lock users inside a walled garden, within which they have access to nothing but the files and commands that you intentionally put there, root jails really are intended for isolating untrusted software rather than users. In particular, they are for software that needs to run with elevated privileges -- hence a root jail.

Users, on the other hand, are trusted: they have had to authenticate and run without elevated privileges. Therefore file permissions suffice to keep them from changing files they do not own, and from seeing things they must not see. To prevent users from reading the content of a file, remove its world-readability with chmod o-r FILE. To keep users out of a directory, make it world-inaccessible with chmod o-rwx DIR.

World-readability is the default though, for good reason: users actually need most of the stuff that's on the file system. Don't lock users in their homes just because there exist secrets outside.

Why locking users in their home directory is a bit silly

To do anything useful, users need access to commands and applications. These are in directories like /bin and /usr/bin, so unless you copy all commands they need from there to their home directories, users will need access to /bin and /usr/bin. But that's only the start. Applications need libraries from /usr/lib and /lib, which in turn need access to system resources, which are in /dev, and to configuration files in /etc and /usr/share.

This was just the read-only part. Applications will also want /tmp and often /var to write into. So, if you want to constrain a user within his home directory, you are going to have to copy a lot into it. In fact, pretty much an entire base file system -- which you already have, located at /.
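The answer's recommendation is to deny "others" access to the specific directories and files you care about rather than to fence users in. The following shell script is an added example, not part of the answer above: it applies chmod o-rwx (directories) or chmod o-r (files) to a path, verifies the resulting mode, and lists directories under a tree that non-owner users can still enter. The path names it creates under a temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original answer): apply "keep others out"
# permissions to a path and verify the result, then audit a tree for
# directories that any user can still traverse.

# Remove "other" access from PATH: o-rwx for a directory, o-r for a file.
# Returns 0 only if the mode really changed as intended.
restrict_path() {
    path="$1"
    if [ -d "$path" ]; then
        chmod o-rwx "$path"
        # columns 8-10 of the ls mode string are the "other" rwx bits
        [ "$(ls -ld "$path" | cut -c8-10)" = "---" ]
    else
        chmod o-r "$path"
        # column 8 is the "other" read bit
        [ "$(ls -ld "$path" | cut -c8)" = "-" ]
    fi
}

# Print every directory under ROOT that "others" can enter (o+x set),
# i.e. what a user who owns none of it could still cd into.
list_world_enterable() {
    find "$1" -type d -perm -001
}

# Stand-alone demonstration on a constructed temporary tree.
demo=$(mktemp -d)
mkdir -p "$demo/ntfs/docs"           # stands in for /media/ntfs
touch "$demo/secret.txt"             # stands in for a private file
chmod 755 "$demo/ntfs" "$demo/ntfs/docs"
chmod 644 "$demo/secret.txt"

echo "before:"; list_world_enterable "$demo/ntfs"
restrict_path "$demo/ntfs" && echo "restricted $demo/ntfs"
restrict_path "$demo/secret.txt" && echo "restricted $demo/secret.txt"
echo "after:"; list_world_enterable "$demo/ntfs"
rm -rf "$demo"
```

Note that restricting the top-level directory is enough to block traversal into everything below it, which is why the "after" listing still shows the world-executable docs subdirectory but a non-owner can no longer reach it. For a volume mounted with ntfs-3g, the visible mode usually comes from mount options such as umask=, dmask= and fmask= rather than from chmod, so apply the restriction there (for example dmask=007,fmask=007 with a gid= of the group that should have access) and re-run the audit to confirm.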