1

Is there any way of making a user only able to see and modify his home folder? I am currently on Arch Linux.

Just explaining a little better, the user would not be able to see /etc or any other system directories or folders from others.

4
  • 1
    And what can the user do with that system? He can't access any binaries (probably not even the shell). Usually it's sufficient to prevent writing in other directories except their home directory. Having said that, you can look at chrooting the user to their home directory and possibly provide some binaries. Commented Sep 18, 2015 at 16:35
  • POSIX ACL can do this neatly, and it should be supported on most modern Linux distros / filesystems. See wiki.archlinux.org/index.php/Access_Control_Lists for general usage. Commented Sep 19, 2015 at 0:27
  • For example, for user 'naughty', you will want to use setfacl -m user:naughty:--- -R /; setfacl -R -x user:naughty /home/naughty. Additional changes are of course needed or he won't even get his login shell running. Commented Sep 19, 2015 at 0:38
  • Thank you, it looks like exactly what I was looking for. I'll do some searching and get it running. Commented Sep 19, 2015 at 0:44

1 Answer

2

You cannot usefully restrict interactive access to the system directories such as /etc further than is already provided.

You can prevent a user from accessing anyone else's home folder simply by reducing the permissions on all home folders.

For example, if all users have their home directories under /home then this command will lock the access rights down tightly:

chmod go= /home/*

Don't forget that it needs to be run as the root user.
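The following is an added example, not code from the answer above: it reports which directories under the home base still grant group or other access, then removes that access from directories only. A bare `/home/*` glob also matches plain files and follows symbolic links to their targets; this version skips both. The function names `audit_homes` and `lock_homes` are hypothetical, and GNU find (as shipped on Arch Linux) is assumed.

```shell
#!/bin/sh
# Added example: audit and tighten home directory permissions.
# Assumptions: GNU find; homes are the directories directly under the
# base path (default /home). Function names are hypothetical.

# Print "<octal mode> <path>" for each directory directly under the base
# that grants any permission bit to group or other.
audit_homes() {
    base=${1:-/home}
    # -type d skips plain files and symlinks (find does not follow them);
    # -perm /077 matches when ANY group/other bit is set.
    find "$base" -mindepth 1 -maxdepth 1 -type d -perm /077 \
        -printf '%m %p\n'
}

# Apply the equivalent of "chmod go=" to exactly the directories that
# audit_homes reports. Must run as root on a real /home.
lock_homes() {
    base=${1:-/home}
    find "$base" -mindepth 1 -maxdepth 1 -type d -perm /077 \
        -exec chmod go= {} +
}

# Typical use, as root:
#   audit_homes /home     # review what would change
#   lock_homes /home      # tighten
#   audit_homes /home     # prints nothing when every home is owner-only
```

Directories created after the run are not covered, so repeat the audit when new accounts are added.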
