Posted: Tue Jul 03, 2007 3:38 pm
Well, completely "invisible" is impossible, but you can make sure that no one else can take a peek inside your home directory. They see that it's there, but they can't tell what's inside or not:
chmod 700 /home/myuseraccount
Above command will take away read, write and execute permissions (= in the case of a directory the "execute" bit means "being able to change into that directory and see what's inside" ...) from everyone but the actual owner. "7" means "read + write + execute", the two following zeros mean "no access whatsoever" for the group and then for "everyone else". Giving "read" permissions on a directory is not enough, you always have to grant "execute" permission too. So if you want to be less strict you could issue this command:
chmod 750 /home/myuseraccount
This would keep your permissions at max, but the group you belong to now only gets "read + execute" (= 5; in the case of a directory this means: "Can get into that directory + read the files; can't overwrite or delete anything though"); the last zero means "no access whatsoever" for "anyone else".
Please note that superuser "root" *always* has complete access, regardless what you set the permissions to.
I should maybe also explain this "anyone else" thing I mention above a few times: This of course means user accounts, system processes and user groups that are already on your system (basically anything that's already listed in /etc/passwd ...) ... this isn't about firewalls, the Internet or "unwanted visitors". So if you see directories that allow access to this so-called "anyone else" it's usually safe to leave it like that. I have seen new users getting nervous (they thought they were "wide open" ...) and then changing permissions on directories they were not supposed to touch ... Just to mention this here.
And as I said ... "root" can still do whatever he pleases, even if you set the permissions to "000" -- this won't stop the "root" account.
Nontheless: Please be cautious when playing around with file and directory permissions. Setting wrong permissions recursively on entire directories can seriously ruin your system ... and your day
chmod 700 /home/myuseraccount
Above command will take away read, write and execute permissions (= in the case of a directory the "execute" bit means "being able to change into that directory and see what's inside" ...) from everyone but the actual owner. "7" means "read + write + execute", the two following zeros mean "no access whatsoever" for the group and then for "everyone else". Giving "read" permissions on a directory is not enough, you always have to grant "execute" permission too. So if you want to be less strict you could issue this command:
chmod 750 /home/myuseraccount
This would keep your permissions at max, but the group you belong to now only gets "read + execute" (= 5; in the case of a directory this means: "Can get into that directory + read the files; can't overwrite or delete anything though"); the last zero means "no access whatsoever" for "anyone else".
Please note that superuser "root" *always* has complete access, regardless what you set the permissions to.
I should maybe also explain this "anyone else" thing I mention above a few times: This of course means user accounts, system processes and user groups that are already on your system (basically anything that's already listed in /etc/passwd ...) ... this isn't about firewalls, the Internet or "unwanted visitors". So if you see directories that allow access to this so-called "anyone else" it's usually safe to leave it like that. I have seen new users getting nervous (they thought they were "wide open" ...) and then changing permissions on directories they were not supposed to touch ... Just to mention this here.
And as I said ... "root" can still do whatever he pleases, even if you set the permissions to "000" -- this won't stop the "root" account.
Nontheless: Please be cautious when playing around with file and directory permissions. Setting wrong permissions recursively on entire directories can seriously ruin your system ... and your day