How to stop users sharing data



  1. #1
    Join Date
    Jul 2003
    Posts
    2,021

    How to stop users sharing data

    Hi folks,

    Ubuntu 8.04 workstation

    3 users share this PC, each having their own login and password. How do I stop a user reading the home directory of another user? TIA

    B.R.
    satimis

  2. #2
    Join Date
    Jan 2001
    Location
    Miami, Fl
    Posts
    134
    Make each of their home directories read, write, executable only by their user.

    Code:
    chmod 700 <home dir>
    This will allow only root and the owner of the home directory read, write, execute.

  3. #3
    Join Date
    Sep 1999
    Location
    Cambridge, UK
    Posts
    509
    The obvious answer to that is that you set each user's home directory permissions to 700 so that only the user can access it. In many cases that's good enough.

    It won't, however, stop the users running chmod on their own homes and reopening the permissions, either by accident or by design. If you want to eliminate that risk you will have to put protections on the parent directory, as chowning the home directory away to deny write access to the user would break stuff.

    Ubuntu creates unique groups for each local user, i.e. user1 is in a group called user1. You can create the home directory as a subdirectory of a directory only the user's group can access. Like this:
    Code:
    mv /home/user1 /home/.user1
    
    mkdir /home/user1
    chown root:user1 /home/user1
    chmod 750 /home/user1
    
    mv /home/.user1 /home/user1/user1
    Then edit the passwd file and make user1's home directory /home/user1/user1. The user can now do whatever he likes to his home. No one else will even be able to see it.

  4. #4
    Join Date
    Jul 2003
    Posts
    2,021
    Quote Originally Posted by E1PHOTON View Post
    Make each of their home directories read, write, executable only by their user.

    Code:
    chmod 700 <home dir>
    This will allow only root and the owner of the home directory read, write, execute.
    Noted with thanks

    B.R.
    satimis

  5. #5
    Join Date
    Jul 2003
    Posts
    2,021
    Hi furrycat,

    Thanks for your advice.

    Quote Originally Posted by furrycat View Post
    - snip -

    Code:
    mv /home/user1 /home/.user1
    
    mkdir /home/user1
    chown root:user1 /home/user1
    chmod 750 /home/user1
    
    mv /home/.user1 /home/user1/user1
    Why first move "mv /home/user1 /home/.user1" as a hidden file, and finally move the hidden file back to "/home/user1/user1"?

    Thanks

    Then edit the passwd file and make user1's home directory /home/user1/user1. The user can now do whatever he likes to his home. No one else will even be able to see it.
    1) The passwd file is on /etc/passwd?

    2) What shall I edit on that file?


    TIA


    B.R.
    satimis

  6. #6
    Join Date
    Sep 1999
    Location
    Cambridge, UK
    Posts
    509
    > Why first move "mv /home/user1 /home/.user1" as hidden file?

    To move it out of the way so that you can create the parent which has the same name. An alternative would have been to create the parent as hidden, move the real home inside it and then rename the parent.
    Code:
    mkdir /home/.user1
    chown root:user1 /home/.user1
    chmod 750 /home/.user1
    
    mv /home/user1 /home/.user1
    mv /home/.user1 /home/user1
    Or you could just make /home/user1/user1 directly and manually move everything. But that's tricky because you can't just
    Code:
    mv /home/user1/* /home/user1/user1
    > 1) The passwd file is on /etc/passwd

    That's correct.

    > 2) What shall I edit on that file?

    Change
    Code:
    user1:x:1234:1234::/home/user1:/bin/bash
    to
    Code:
    user1:x:1234:1234::/home/user1/user1:/bin/bash
    Of course these directory names are just names. You don't have to call the parent by the same name as the user. You can have /home/foo/user1, /home/bar/user2 and /home/baz/user3 if you want. The important thing is that there is a directory above the user's home which only the user can access.
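
Added example (not from the thread): the plain `mv /home/user1/* /home/user1/user1` is tricky because `*` skips dotfiles such as `.ssh` and `.bashrc`, leaving them in the group-readable parent, and it also matches the destination directory itself. The function names below are hypothetical; the sketch uses `find` to move every direct child except the destination.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Show what the shell glob "*" expands to inside DIR (hidden entries are skipped).
glob_matches() {
    ( cd "$1" && echo * )
}

# Move every direct child of PARENT, hidden ones included, into PARENT/SUB.
nest_contents() {   # nest_contents PARENT SUB
    parent=$1
    sub=$2
    mkdir -p "$parent/$sub" || return 1
    # -mindepth/-maxdepth 1 restricts find to direct children of PARENT;
    # "! -name SUB" keeps the destination from being moved into itself.
    find "$parent" -mindepth 1 -maxdepth 1 ! -name "$sub" \
        -exec mv -- {} "$parent/$sub/" \;
}

# Example call, run as root with the user logged out:
#   nest_contents /home/user1 user1
```

After the move, the parent still needs the `chown root:user1` and `chmod 750` from the earlier post, and the passwd entry still has to point at the new path.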

  7. #7
    Join Date
    Jul 2003
    Posts
    2,021
    Quote Originally Posted by furrycat View Post
    > Why first move "mv /home/user1 /home/.user1" as hidden file?

    To move it out of the way so that you can create the parent which has the same name.
    Hi furrycat,

    I see. We can't have 2 directories with the same name simultaneously. Thanks


    An alternative would have been to create the parent as hidden, move the real home inside it and then rename the parent.
    Code:
    mkdir /home/.user1
    chown root:user1 /home/.user1
    chmod 750 /home/.user1
    
    mv /home/user1 /home/.user1
    mv /home/.user1 /home/user1
    Noted and thanks.


    Or you could just make /home/user1/user1 directly and manually move everything. But that's tricky because you can't just
    Code:
    mv /home/user1/* /home/user1/user1
    Why?

    and

    What will be the solution?


    > 2) What shall I edit on that file?

    Change
    Code:
    user1:x:1234:1234::/home/user1:/bin/bash
    to
    Code:
    user1:x:1234:1234::/home/user1/user1:/bin/bash
    Of course these directory names are just names. You don't have to call the parent by the same name as the user. You can have /home/foo/user1, /home/bar/user2 and /home/baz/user3 if you want. The important thing is that there is a directory above the user's home which only the user can access.
    Noted.


    Edit:

    Tested your method. It works seamlessly. Other users can see user1's home directory, but only an empty directory. However user1 can see other users' directories. I can repeat the same procedure on other users' home directories. But for >100 users it takes some time. Is there any solution? TIA


    B.R.
    satimis
    Last edited by satimis; 04-16-2009 at 06:10 AM. Reason: adding more info after testing
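
Added example (not from the thread): one way to apply the hidden-parent procedure from post #6 to every regular account in one pass. It assumes each user has a private primary group (as described above for Ubuntu), that regular UIDs start at 1000, and that homes sit directly under /home; the function and variable names are hypothetical. By default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not code from the thread. Names and defaults are assumptions.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
HOME_BASE=${HOME_BASE:-/home}
MIN_UID=${MIN_UID:-1000}     # assumed first regular UID
DRY_RUN=${DRY_RUN:-1}        # 1 = print the commands, 0 = execute them (as root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Print "user gid home" for regular accounts whose home is exactly HOME_BASE/user.
# Accounts already moved to HOME_BASE/user/user no longer match, so reruns skip them.
eligible_users() {
    awk -F: -v min="$MIN_UID" -v base="$HOME_BASE" \
        '$3 >= min && $3 != 65534 && $6 == (base "/" $1) { print $1, $4, $6 }' \
        "$PASSWD_FILE"
}

# Same steps as the thread: hidden parent, root-owned, mode 750, then rename.
wrap_home() {   # wrap_home USER GID HOME
    user=$1; gid=$2; home=$3
    parent="$HOME_BASE/.$user"
    run mkdir "$parent"              || return 1
    run chown "root:$gid" "$parent"  || return 1
    run chmod 750 "$parent"          || return 1
    run mv "$home" "$parent/$user"   || return 1
    run mv "$parent" "$home"         || return 1
    # usermod -d rewrites the home field in the passwd file
    run usermod -d "$home/$user" "$user"
}

wrap_all() {
    eligible_users | while read -r user gid home; do
        wrap_home "$user" "$gid" "$home" || echo "failed: $user" >&2
    done
}

# Pass --all to process every eligible account.
if [ "${1:-}" = "--all" ]; then wrap_all; fi
```

Review the printed plan first, then rerun as root with `DRY_RUN=0` while the affected users are logged out.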
