Home Directory Protection for multi-users?

Quick to answer questions about finding your way around Linux Mint as a new user.
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Locked
scorp123
Level 8
Level 8
Posts: 2272
Joined: Sat Dec 02, 2006 4:19 pm
Location: Switzerland

Post by scorp123 »

Well, completely "invisible" is impossible, but you can make sure that no one else can take a peek inside your home directory. They see that it's there, but they can't tell what's inside or not:

chmod 700 /home/myuseraccount

Above command will take away read, write and execute permissions (= in the case of a directory the "execute" bit means "being able to change into that directory and see what's inside" ...) from everyone but the actual owner. "7" means "read + write + execute", the two following zeros mean "no access whatsoever" for the group and then for "everyone else". Giving "read" permissions on a directory is not enough, you always have to grant "execute" permission too. So if you want to be less strict you could issue this command:

chmod 750 /home/myuseraccount

This would keep your permissions at max, but the group you belong to now only gets "read + execute" (= 5; in the case of a directory this means: "Can get into that directory + read the files; can't overwrite or delete anything though"); the last zero means "no access whatsoever" for "anyone else".

Please note that superuser "root" *always* has complete access, regardless what you set the permissions to.

I should maybe also explain this "anyone else" thing I mention above a few times: This of course means user accounts, system processes and user groups that are already on your system (basically anything that's already listed in /etc/passwd ...) ... this isn't about firewalls, the Internet or "unwanted visitors". So if you see directories that allow access to this so-called "anyone else" it's usually safe to leave it like that. I have seen new users getting nervous (they thought they were "wide open" ...) and then changing permissions on directories they were not supposed to touch ... Just to mention this here.

And as I said ... "root" can still do whatever he pleases, even if you set the permissions to "000" -- this won't stop the "root" account.

Nontheless: Please be cautious when playing around with file and directory permissions. Setting wrong permissions recursively on entire directories can seriously ruin your system ... and your day :wink:
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Top
scorp123
Level 8
Level 8
Posts: 2272
Joined: Sat Dec 02, 2006 4:19 pm
Location: Switzerland

Re: Dir Protection

Post by scorp123 »

dm_fw wrote: CHMOD 700
chmod ... not "CHMOD" :wink: UNIX-like OS are very fetishist about precision. "chmod", "Chmod" and "CHMOD" are *NOT* the same thing. Just to mention this. Always make sure you keep an eye on upper case and lower case letters. Many newcomers get frustrated because they e.g. can't find files or the commands they were given somewhere in a forum "don't work" ... well, as I said: UNIX-like OS differentiate between upper case and lower case letters. One false upper or lower case letter in the wrong place and all of sudden unexpected things may happen :wink:
dm_fw wrote: as root or as the user?
If you are the owner of a directory (or a file ..) you can change the permissions yourself. You can even lock yourself out :lol: ... So please make sure you apply those numbers correctly! Please read the manual pages:

Code: Select all

man chmod
... and it can't harm if you write these things down on a note (or print it out), so you have it ready if you need it.

Important: Never ever issue a recursive chmod (e.g. chmod -R ...) or recursive chown (e.g. chown -R ....) on a directory unless you are 500% + precisely sure you know what you do. Recursive commands change everything underneath a directory tree and if you issue a wrong command --such as changing permissions on stuff you were not supposed to touch-- matters can get seriously complicated :wink:
dm_fw wrote: I assume the user, but want to make sure I do cause issues!
Newcomers are often tempted to do everything as superuser "root" ... *THIS* will definitely cause issues (e.g. work as root all the time) sooner or later.

However, changing file permissions in order to restrict access to a directory your normal user account owns shouldn't cause troubles on a system-wide level.

Just stay way from "sudo" and the "root" account and don't change permissions on things that are outside of your normal user's /home directory and you should be fine + safe.
Top
Locked

Return to “Beginner Questions”