One option would be to create a group with read/write permissions on that folder and then add each one of the users to that group.
First, you need to create a new group:
sudo groupadd my_media_group
Then change the permissions of your files. Supposing /dev/sdd1 is mounted on /media/nick/Media Store:
sudo chgrp my_media_group /media/nick/Media\ Store
sudo chmod -R 2770 /media/nick/Media\ Store
The first command will change the group of that folder. The second will set rwx permissions for the owner and group (770) and make newly created files take the group of the parent folder (2). If you already have files in that folder, you may also need to change their group (this can be done with chgrp -R).
Lastly, add each of the users on the system to that group:
sudo usermod -a -G my_media_group <username>
I haven't tried this, and it may not be the best way to do it, but if it doesn't work you should be able to go back using chgrp and chmod.
Hope this helps.
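The procedure above scripted end to end, as an added example that is not part of the answer: it hands a directory to a group, sets 2770 on directories and 660 on regular files (a blanket chmod -R 2770 would also mark every file executable and setgid), and then adds users. The group name, directory and user names are placeholders; the permission-setting function works on any directory you own and needs no root, the group and user creation does.

```bash
#!/bin/sh
# Added example, not from the answer above. Assumes GNU coreutils/findutils.
# Group name, directory and user names used below are placeholders (assumptions).

# share_dir_with_group GROUP DIR
# Hands DIR to GROUP: directories get 2770 (rwx for owner and group, setgid so
# new entries inherit the group), regular files get 660. Using find instead of
# a blanket "chmod -R 2770" avoids making every file executable and setgid.
share_dir_with_group() {
    group="$1"; dir="$2"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    chgrp -R -- "$group" "$dir" || return 1
    find "$dir" -type d -exec chmod 2770 -- '{}' + || return 1
    find "$dir" -type f -exec chmod 660 -- '{}' + || return 1
}

# mode_of PATH: octal mode including the setgid bit, e.g. 2770
mode_of() {
    stat -c '%a' -- "$1"
}

# setup_media_group GROUP DIR USER...
# The full setup as the answer describes it; creating the group and changing
# memberships needs root.
setup_media_group() {
    group="$1"; dir="$2"; shift 2
    groupadd "$group" || return 1
    share_dir_with_group "$group" "$dir" || return 1
    for user in "$@"; do
        usermod -a -G "$group" "$user" || return 1
    done
}

# Run as root, e.g.:
#   sh share.sh --setup my_media_group "/media/nick/Media Store" alice bob
if [ "${1:-}" = "--setup" ]; then
    shift
    setup_media_group "$@"
fi
```

One caveat the setgid bit does not cover: new entries inherit the group, but their mode still comes from the creating process's umask. With the usual umask of 022 a new file is 644, so other group members can read but not write it; users who should write into the shared tree need a umask of 002 (or the application must set group-write explicitly). Group membership also only takes effect at the next login.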
Reassess your requirement first. What is the problem you are trying to solve? Why do you want to prevent users from leaving their home directory? Isn't it rather that you don't want them to rummage through specific other directories -- such as the home directories of other users?
It is very difficult to prevent users from leaving their home directory. It is actually a bit silly, too (explanation follows). It is much simpler to prevent users from entering directories you don't want them to enter.
First off, yes, you can give users a so-called restricted shell, see man rbash. This will prevent them from cd-ing elsewhere, but only inside that shell. If the user starts vi or nano (or any other program capable of opening a file) they can again open files anywhere on the system. As a matter of fact, a restricted shell does not prevent e.g. cat /etc/passwd.
The next step up is a root jail. More info on the community wiki and in this question. Though a root jail will lock users inside a walled garden, within which they have access to nothing but the files and commands that you intentionally put there, root jails really are intended for isolating untrusted software rather than users. In particular, they are for software that needs to run with elevated privileges -- hence a root jail.
Users, on the other hand, are trusted: they have had to authenticate and run without elevated privileges. Therefore file permissions suffice to keep them from changing files they do not own, and from seeing things they must not see. To prevent users from reading the content of a file, remove its world-readability with chmod o-r FILE. To keep users out of a directory, make it world-inaccessible with chmod o-rwx DIR.
World-readability is the default though, for good reason: users actually need most of the stuff that's on the file system. Don't lock users in their homes just because there exist secrets outside.
Why locking users in their home directory is a bit silly
To do anything useful, users need access to commands and applications. These are in directories like /bin and /usr/bin, so unless you copy all commands they need from there to their home directories, users will need access to /bin and /usr/bin. But that's only the start. Applications need libraries from /usr/lib and /lib, which in turn need access to system resources, which are in /dev, and to configuration files in /etc and /usr/share.
This was just the read-only part. Applications will also want /tmp and often /var to write into. So, if you want to constrain a user within his home directory, you are going to have to copy a lot into it. In fact, pretty much an entire base file system -- which you already have, located at /.
Best Answer
You don't need to use hard links; actually, we cannot create a hard link to a directory because it would make a loop in the file system hierarchy.
You have to use the -s option to create a symlink (symbolic link). Let's say I have mounted /dev/sda7 on /media/some/mount/point. To create a link to this path I have to run:
The permissions of the link would be 777, but a symlink is a different file from your actual directory; they only grant access to the symlink itself, and the user must have the correct permissions to be able to work with the files in /media/some/mount/point.
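The link-creation step together with a check of the permission claim above, as an added example that is not part of the answer (the answer's own command is not reproduced on this page). It assumes GNU ln, stat and chmod; the target and link paths are placeholders.

```bash
#!/bin/sh
# Added example, not from the answer above. Assumes GNU coreutils.
# The paths in the usage comment are placeholders (assumptions).

# make_link TARGET LINK: create a symbolic link, refusing to clobber anything
# that already exists at LINK (including a dangling link).
make_link() {
    target="$1"; link="$2"
    [ -e "$target" ] || { echo "target does not exist: $target" >&2; return 1; }
    [ ! -e "$link" ] && [ ! -L "$link" ] || { echo "refusing to overwrite: $link" >&2; return 1; }
    ln -s -- "$target" "$link"
}

# link_mode LINK: mode of the link object itself (lstat); always 777 on Linux
# and never consulted for access decisions.
link_mode() {
    stat -c '%a' -- "$1"
}

# target_mode LINK: mode of what the link points to (stat -L follows the link);
# this is what the kernel checks when a user goes through the link.
target_mode() {
    stat -L -c '%a' -- "$1"
}

# chmod_through_link LINK MODE
# chmod cannot change a symlink's own bits; given a link on the command line,
# GNU chmod dereferences it and changes the TARGET instead.
chmod_through_link() {
    chmod -- "$2" "$1"
}

# Usage (placeholders): make_link /media/some/mount/point "$HOME/media"
```

The last point is the one to keep in mind when handing out links: running chmod or chown on a link a user controls changes whatever it points at, which is why scripts that adjust permissions on user-supplied paths should use the -h/--no-dereference forms where the tool offers them, or operate on the real path. GNU chmod -R, by contrast, ignores symlinks it meets while recursing, so only links named directly on the command line are followed.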