How to hide someone else’s directories from a user

chmodchownpermissions

I have several folders:

/home/user1/ -u user1 -G user1
/home/user2/ -u user2 -G user2
/home/user3/ -u user3 -G user3

I created three users user1, user2, user3. Each user has their own group. Any user can see other account folder for a while but cannot open it.

After user2 logged in using ssh they shouldn't see any folders downto its folder /home/user2/.
They should see only folders in /home/user2/.

How to set these permissions?

Best Answer

If you use chmod to set only set the x bit for group and other on /home - This disallows reading /home (ls will fail on /home), but the x bit allows traversal to known sub-directories.

And also set no access for group and other on sub-directories in /home ie the user directories.

If you are the user root, the commands would be:

chmod go=x /home 
chmod go-rwx /home/user[123]

Then user2 will only be able to see the files in user2's home directory and ls on /home, /home/user1 and /home/user3 will fail; ls: cannot open directory 'directory-name': Permission denied

Related Solutions

Linux – setfacl access issues

You need the --recursive switch:

setfacl -R -m user:superuser:rx /home/

Otherwise the only thing that you are changing is the /home directory acl.

How to grant different permissions for each user

Traditional unix permissions only allow user, group, other permissions as you've found. These can result in some awkward combination of groups needing to be created...

So a new form of ACL (Access Control Lists) were tacked on. This allows you to specify multiple users and multiple groups with different permissions. These are set with the setfacl command and read with getfacl

$ setfacl -m u:root:r-- file.txt
$ setfacl -m u:bin:-wx file.txt 
$ setfacl -m u:lp:--x file.txt 
$ getfacl file.txt
# file: file.txt
# owner: sweh
# group: sweh
user::rw-
user:root:r--
user:bin:-wx
user:lp:--x
group::r--
mask::rwx
other::r--

You can easily tell if a file has an ACL by looking at the ls output:

$ ls -l file.txt
-rw-rwxr--+ 1 sweh sweh 0 Jul 26 10:33 file.txt

The + at the end of the permissions indicates an ACL.

Best Answer

Related Solutions

Linux – setfacl access issues

How to grant different permissions for each user

Related Question