-
How to stop users sharing data
Hi folks,
Ubuntu 8.04 workstation
3 users share this PC, each having their own login and password. How do I stop a user reading the home directory of another user? TIA
B.R.
satimis
-
Make each of their home directories read, write, executable only by their user.
Code:
chmod 700 <home dir>
This will allow only root and the owner of the home directory read, write, execute.
-
The obvious answer to that is that you set each user's home directory permissions to 700 so that only the user can access it. In many cases that's good enough.
It won't, however, stop the users running chmod on their own homes and reopening the permissions, either by accident or by design. If you want to eliminate that risk you will have to put protections on the parent directory, as chowning the home directory away to deny write access to the user would break stuff.
Ubuntu creates unique groups for each local user, i.e. user1 is in a group called user1. You can create the home directory as a subdirectory of a directory only the user's group can access. Like this:
Code:
mv /home/user1 /home/.user1
mkdir /home/user1
chown root:user1 /home/user1
chmod 750 /home/user1
mv /home/.user1 /home/user1/user1
Then edit the passwd file and make user1's home directory /home/user1/user1. The user can now do whatever he likes to his home. No one else will even be able to see it.
-
Originally Posted by E1PHOTON
Make each of their home directories read, write, executable only by their user.
Code:
chmod 700 <home dir>
This will allow only root and the owner of the home directory read, write, execute.
Noted with thanks
B.R.
satimis
-
Hi furrycat,
Thanks for your advice.
Originally Posted by furrycat
- snip -
Code:
mv /home/user1 /home/.user1
mkdir /home/user1
chown root:user1 /home/user1
chmod 750 /home/user1
mv /home/.user1 /home/user1/user1
Why first move "mv /home/user1 /home/.user1" as a hidden file, and then finally move the hidden file back to "/home/user1/user1"?
Thanks
Then edit the passwd file and make user1's home directory /home/user1/user1. The user can now do whatever he likes to his home. No one else will even be able to see it.
1) The passwd file is at /etc/passwd?
2) What shall I edit in that file?
TIA
B.R.
satimis
-
> Why first move "mv /home/user1 /home/.user1" as hidden file?
To move it out of the way so that you can create the parent which has the same name. An alternative would have been to create the parent as hidden, move the real home inside it and then rename the parent.
Code:
mkdir /home/.user1
chown root:user1 /home/.user1
chmod 750 /home/.user1
mv /home/user1 /home/.user1
mv /home/.user1 /home/user1
Or you could just make /home/user1/user1 directly and manually move everything. But that's tricky because you can't just
Code:
mv /home/user1/* /home/user1/user1
> 1) The passwd file is on /etc/passwd
That's correct.
> 2) What shall I edit on that file?
Change
Code:
user1:x:1234:1234::/home/user1:/bin/bash
to
Code:
user1:x:1234:1234::/home/user1/user1:/bin/bash
Of course these directory names are just names. You don't have to call the parent by the same name as the user. You can have /home/foo/user1, /home/bar/user2 and /home/baz/user3 if you want. The important thing is that there is a directory above the user's home which only the user can access.
-
Originally Posted by furrycat
> Why first move "mv /home/user1 /home/.user1" as hidden file?
To move it out of the way so that you can create the parent which has the same name.
Hi furrycat,
I see. We can't have 2 directories with the same name simultaneously. Thanks
An alternative would have been to create the parent as hidden, move the real home inside it and then rename the parent.
Code:
mkdir /home/.user1
chown root:user1 /home/.user1
chmod 750 /home/.user1
mv /home/user1 /home/.user1
mv /home/.user1 /home/user1
Noted and thanks.
Or you could just make /home/user1/user1 directly and manually move everything. But that's tricky because you can't just
Code:
mv /home/user1/* /home/user1/user1
Why?
and
What will be the solution?
> 2) What shall I edit on that file?
Change
Code:
user1:x:1234:1234::/home/user1:/bin/bash
to
Code:
user1:x:1234:1234::/home/user1/user1:/bin/bash
Of course these directory names are just names. You don't have to call the parent by the same name as the user. You can have /home/foo/user1, /home/bar/user2 and /home/baz/user3 if you want. The important thing is that there is a directory above the user's home which only the user can access.
Noted.
Edit:
Tested your method. It works seamlessly. Other users can see user1's home directory, but only an empty directory. However user1 can see other users' directories. I can repeat the same procedure on other users' home directories. But for >100 users it takes some time. Is there any solution? TIA
B.R.
satimis
Last edited by satimis; 04-16-2009 at 06:10 AM.
Reason: adding more info after testing
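For many accounts, the parent-directory steps furrycat describes can be generated from the passwd file instead of typed per user. The following is an added example, not part of the original thread: a dry-run planner that prints the commands for review rather than running them. It assumes homes sit directly under /home and regular UIDs start at 1000, uses the real `usermod -d` in place of hand-editing /etc/passwd, and skips accounts whose primary group is shared (the group-only parent would not isolate them); `plan_private_homes` and `sample_passwd` are hypothetical names.

```shell
#!/bin/sh
# Added example: prints the commands only, nothing is changed on disk.
# Usage: plan_private_homes PASSWD_FILE [UID_MIN]
plan_private_homes() {
    awk -F: -v min="${2:-1000}" '
        # First pass over the file: count accounts per primary GID.
        NR == FNR { gid_users[$4]++; next }
        # Second pass: regular users whose home is still /home/<name>.
        $3 >= min && $3 < 65534 && $6 == ("/home/" $1) {
            # Only plain names, so the generated commands need no quoting.
            if ($1 !~ /^[a-z_][a-z0-9_-]*$/) next
            if (gid_users[$4] > 1) {
                printf "# skip %s: primary GID %s is shared\n", $1, $4
                next
            }
            hidden = "/home/." $1; parent = "/home/" $1
            # Build the root-owned parent under a hidden name, move the
            # real home inside it, then rename the parent into place.
            printf "mkdir %s\n", hidden
            printf "chown 0:%s %s\n", $4, hidden
            printf "chmod 750 %s\n", hidden
            printf "mv %s %s\n", parent, hidden
            printf "mv %s %s\n", hidden, parent
            # Point the account at /home/<name>/<name>.
            printf "usermod -d %s/%s %s\n", parent, $1, $1
        }
    ' "$1" "$1"
}

# Constructed sample entries (name:pw:uid:gid:gecos:home:shell).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
user1:x:1000:1000::/home/user1:/bin/bash
user2:x:1001:1001::/home/user2:/bin/bash
user3:x:1002:100::/home/user3:/bin/bash
guest:x:1003:100::/home/guest:/bin/bash
user4:x:1004:1004::/home/user4/user4:/bin/bash
EOF
}

# Demo run against the constructed sample, not the live /etc/passwd.
tmp=$(mktemp) && sample_passwd > "$tmp" && plan_private_homes "$tmp"; rm -f "$tmp"
```

Accounts already relocated (user4 in the sample) are left out, so the plan can be regenerated safely. After reviewing the output, it can be saved to a file and run as root with `sh -e` while the affected users are logged out.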