Ubuntu – Remove sudo privileges from a user (without deleting the user)

Does this work for you?

sudo EDITOR=gedit visudo

Change this line:

%admin ALL=(ALL) ALL

to this line:

%admin ALL=(ALL) NOPASSWD: ALL

No lectures. :)

In principle, a user created in that way cannot do any damage outside his/her own home directory. As you noticed, a regular user does have access to various directories (e.g. in /, /usr/, /tmp). This is a necessity, because most user-accessible programs are located in /usr/bin and /bin. If the user didn't have (read-only) access to these directories, he/she wouldn't be able to run any programs. However, a regular user doesn't have accesss to home directories of other users.

You can use the ls -l command to see permissions on a file or directory. See https://help.ubuntu.com/community/FilePermissions for more information on file permissions.

It is possible to limit an ssh user to only a few programs. See for http://www.pizzashack.org/rssh/ and http://www.cyberciti.biz/tips/linux-unix-restrict-shell-access-with-rssh.html for the rssh tool, which limits the user to only run copying tools like scp and rsync. Such users won't be able to log in normally to get a shell and run other commands.

Another option is to create a 'chroot' or 'jail' environment. See this AskUbuntu question.