Home Directory Protection for multi-users?

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read this

Home Directory Protection for multi-users?

Postby dm_fw on Tue Jul 03, 2007 2:43 pm

I know that when I log on as one user, I can see but not alter another user's Home Directory. However, what do I need to set to make a user's dir. invisible to all other users? Eg. Like the My Documents on Win XP.

Want to make sure I do not screw up permissions and damage the user's directory!
dm_fw
Level 1
Level 1
 
Posts: 6
Joined: Sun Apr 15, 2007 11:33 pm

Linux Mint is funded by ads and donations.
 

Postby scorp123 on Tue Jul 03, 2007 3:38 pm

Well, completely "invisible" is impossible, but you can make sure that no one else can take a peek inside your home directory. They see that it's there, but they can't tell what's inside or not:

chmod 700 /home/myuseraccount

Above command will take away read, write and execute permissions (= in the case of a directory the "execute" bit means "being able to change into that directory and see what's inside" ...) from everyone but the actual owner. "7" means "read + write + execute", the two following zeros mean "no access whatsoever" for the group and then for "everyone else". Giving "read" permissions on a directory is not enough, you always have to grant "execute" permission too. So if you want to be less strict you could issue this command:

chmod 750 /home/myuseraccount

This would keep your permissions at max, but the group you belong to now only gets "read + execute" (= 5; in the case of a directory this means: "Can get into that directory + read the files; can't overwrite or delete anything though"); the last zero means "no access whatsoever" for "anyone else".

Please note that superuser "root" *always* has complete access, regardless what you set the permissions to.

I should maybe also explain this "anyone else" thing I mention above a few times: This of course means user accounts, system processes and user groups that are already on your system (basically anything that's already listed in /etc/passwd ...) ... this isn't about firewalls, the Internet or "unwanted visitors". So if you see directories that allow access to this so-called "anyone else" it's usually safe to leave it like that. I have seen new users getting nervous (they thought they were "wide open" ...) and then changing permissions on directories they were not supposed to touch ... Just to mention this here.

And as I said ... "root" can still do whatever he pleases, even if you set the permissions to "000" -- this won't stop the "root" account.

Nontheless: Please be cautious when playing around with file and directory permissions. Setting wrong permissions recursively on entire directories can seriously ruin your system ... and your day :wink:
User avatar
scorp123
Level 8
Level 8
 
Posts: 2287
Joined: Sat Dec 02, 2006 4:19 pm
Location: Switzerland

Dir Protection

Postby dm_fw on Thu Jul 05, 2007 2:26 pm

Do I need to do the CHMOD 700 as root or as the user? I assume the user, but want to make sure I do cause issues!
dm_fw
Level 1
Level 1
 
Posts: 6
Joined: Sun Apr 15, 2007 11:33 pm

Re: Dir Protection

Postby scorp123 on Thu Jul 05, 2007 3:13 pm

dm_fw wrote: CHMOD 700
chmod ... not "CHMOD" :wink: UNIX-like OS are very fetishist about precision. "chmod", "Chmod" and "CHMOD" are *NOT* the same thing. Just to mention this. Always make sure you keep an eye on upper case and lower case letters. Many newcomers get frustrated because they e.g. can't find files or the commands they were given somewhere in a forum "don't work" ... well, as I said: UNIX-like OS differentiate between upper case and lower case letters. One false upper or lower case letter in the wrong place and all of sudden unexpected things may happen :wink:

dm_fw wrote: as root or as the user?
If you are the owner of a directory (or a file ..) you can change the permissions yourself. You can even lock yourself out :lol: ... So please make sure you apply those numbers correctly! Please read the manual pages:
Code: Select all
man chmod
... and it can't harm if you write these things down on a note (or print it out), so you have it ready if you need it.

Important: Never ever issue a recursive chmod (e.g. chmod -R ...) or recursive chown (e.g. chown -R ....) on a directory unless you are 500% + precisely sure you know what you do. Recursive commands change everything underneath a directory tree and if you issue a wrong command --such as changing permissions on stuff you were not supposed to touch-- matters can get seriously complicated :wink:

dm_fw wrote: I assume the user, but want to make sure I do cause issues!
Newcomers are often tempted to do everything as superuser "root" ... *THIS* will definitely cause issues (e.g. work as root all the time) sooner or later.

However, changing file permissions in order to restrict access to a directory your normal user account owns shouldn't cause troubles on a system-wide level.

Just stay way from "sudo" and the "root" account and don't change permissions on things that are outside of your normal user's /home directory and you should be fine + safe.
User avatar
scorp123
Level 8
Level 8
 
Posts: 2287
Joined: Sat Dec 02, 2006 4:19 pm
Location: Switzerland


Return to Newbie Questions

Who is online

Users browsing this forum: Bing [Bot] and 34 guests