How to restrict users in linux to their home directory

So lets say you have a server with a bunch of users and they all have sites and data and you don’t want them to be able to see each others data. A lot of distributions aren’t setup to stop users from wandering and reading files within other users directories.

So lets say you have a server with a bunch of users and they all have sites and data and you don’t want them to be able to see each others data. A lot of distributions aren’t setup to stop users from wandering and reading files within other users directories.

What you will need to do is change the permissions on the /home and each users directory using chmod. So first we need to change the permission on “/home”


[[email protected]:/]# chmod 0751 /home
[[email protected]:/]# stat home
File: `home'
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 900h/2304d Inode: 2 Links: 32
Access: (0751/drwxr-x--x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2007-12-03 13:58:07.000000000 -0800
Modify: 2007-11-21 12:10:17.000000000 -0800
Change: 2007-12-03 13:57:28.000000000 -0800

As you can see the folder is now set to 0751, depending you may want to change this but by default this should be fine.

Now you need to change the permission on each users directory using chmod yet again


[[email protected]:/]# chmod 0751 jordan
[[email protected]:/home]# stat jordan
File: `jordan'
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 900h/2304d Inode: 19709953 Links: 15
Access: (0751/drwxr-x--x) Uid: ( 1000/ jordan) Gid: ( 1000/ jordan)
Access: 2007-12-03 12:14:23.000000000 -0800
Modify: 2007-11-14 11:06:38.000000000 -0800
Change: 2007-12-03 13:57:42.000000000 -0800

Now your users shouldn’t be able to see other users on your system!

0 Shares:
You May Also Like

QuickPwn Released for Mac OS X

The iphone-dev.org crew has released QuickPwn for Mac OS X, there is a an official torrent for the release.
Here is the long awaited “QuickPwn” for Mac OS X. You’ll see a similarity to the user-interface of PwnageTool, this is because of the great feedback we’ve had since we moved to that interface with PwnageTool 2.x.

GRUB for DOS 0.4.3pre1 (Default branch)

GRUB for DOS 0.4.3pre1 (Default branch) - Screenshot GRUB for DOS is a rebuild of the GNU GRUB boot manager for DOS, and can be run under real mode DOS. It also has many new features. It can be booted through BOOT.INI of Windows (grldr) and kexec of Linux (grub.exe). It can directly boot NTLDR (WindowsNT/2K/XP), IO.SYS (Windows9x/Me) and KERNEL.SYS (FreeDOS). The disk emulation feature is another enhancement over GNU GRUB, and can be used to run legacy DOS/Windows9x systems with floppy or hard disk images.
License: GNU General Public License (GPL)
Changes:
A new option --in-situ for the map command has been added. Two syntactic operators, && and ||, have been implemented. is64bit, errnum, errorcheck, and hiddenflag commands have been added. PXE support has been added. Full NTFS support has been done. A lot of bugs have been fixed.

[FreshMeat]

Bitcoin Miner

Purchased 2x Sapphire 5830’s and a 1000W OCZ refurb. More from my siteTweakVista open beta beginsCreative Zen Stone Plus lobbed…

US Prepares for Eventual Cyberwar

US Prepares for Eventual Cyberwar - The New York Times is reporting on preparations in the works by the US government to prep for a 'cyberwar'. Precautionary measures are being taken to guard against concerted attacks by politically-minded (or well-paid) hackers looking to cause havoc. Though they outline scenarios where mass damage is the desired outcome (such as remotely opening a dam's gates to flood cities), most expect such conflicts to be more subtle. Parts of the internet, for example, may be unreachable or unreliable for certain countries. Regardless, the article suggests we've already seen our first low-level cyberwar in Estonia: "The cyberattacks in Estonia were apparently sparked by tensions over the country's plan to remove Soviet-era war memorials. Estonian officials initially blamed Russia for the attacks, suggesting that its state-run computer networks blocked online access to banks and government offices. The Kremlin denied the accusations. And Estonian officials ultimately accepted the idea that perhaps this attack was the work of tech-savvy activists, or 'hactivists,' who have been mounting similar attacks against just about everyone for several years."

Read more of this story at Slashdot.

[Slasdot]