linux - How can I prevent other users from seeing the contents of my home directory?
2014-04
I have a box with multiple users on it and I want everyone to be able to have full access to their home folders, but not be able to see the contents of /home/ or another user's home folder (i.e. bob has full access to /home/bob but cannot access or even see the contents of /home/john).
Right now users can see other users' home folders but can't modify what's inside.
How do I prevent them from seeing the contents at all?
Change the permissions of the Home folder...
You need to modify the Home folder's permissions using either:
- chmod
- the 'File Permissions' dialog (Nautilus Only)
for chmod
Open a terminal in the home folder and chmod the permissions
chmod go-rwx [usersHomeFolder]
for the 'File Permissions' dialog
- right-click the usersHomeFolder
- select 'properties'
- under the 'permissions' tab change the owner to your user name if it isn't already set, change the group to none, and change other to none.
See this link for more info.
On Mac OS X, it's relatively easy to prevent people from seeing the files contained in your home directory: chmod 700 ~
I'd like to perform a variation of that. I want it so that when people open /Users/stalepretzel, they only see one folder listed: Public. From there, I'd like to set the permissions of Public so that people can enter that folder and read anything that's not specified otherwise.
Again, to clarify, I'd like it so another non-admin user could execute:
$ cd /Users/stalepretzel; ls
Public
$ cd Public
All the contents of
my public folder
I'm afraid this isn't possible. A user can't access any file or folder anywhere in the tree of a directory for which he doesn't have read permissions. If the user does have read permissions for a directory (and all its superdirectories), he can ls and see all the files it contains.
It might not feel quite so tidy, but if you want to prevent users from being able to ls your home directory you'll have to create Public somewhere outside of ~. If it's easier for you to access your own public directory from ~/Public, make a symlink (e.g. ln -s /Users/Shared/stalepretzel ~/Public).
I don't think you can do any better than (standard Unix stuff):
$ chmod 711 ~/
$ chmod g-rx,o-rx ~/*
$ chmod 755 ~/Public
to make your home directory traversable, but unreadable, and everything else apart from 'Public' inaccessible.
[Unix permission recap - Execute bits on a directory allow traversal, Read bits allow seeing the contents.]
Unfortunately that doesn't allow anyone to see that your Public folder exists - and there's no way to do that, because the existence of the Public folder depends upon being able to read your home directory as that's the "file" that contains it (names are in parent directories, permissions are part of the file inode.)
Open your home dir to be read:
$ chmod 0744 ~
and hide everything in there:
$ chmod 700 ~/*
then open up just the Public directory:
$ chmod 0744 ~/Public
Note: Edited the command order to make it correct
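The read and execute bits from the permission recap above decide what each of the chmod sequences in the answers actually allows. The script below is an added example, not part of any answer: it classifies what the "other" class can do with a directory by reading its mode bits. The function names and the throwaway directory created with mktemp are assumptions of the example.

```sh
#!/bin/sh
# Added example: classify what users in the "other" class can do with a
# directory, from the r and x bits of its mode.
# Only mode bits are read; ACLs, if any, are not considered.

# Print the three "other" permission characters of PATH, e.g. "--x".
other_bits() {
    ls -ld -- "$1" | awk 'NR == 1 { print substr($1, 8, 3) }'
}

# Print one of: full | names-only | traverse-only | none
other_access() {
    bits=$(other_bits "$1")
    r=no; x=no
    case $bits in r??) r=yes ;; esac
    case $bits in ??x|??t) x=yes ;; esac   # t = sticky bit plus x
    case $r$x in
        yesyes) echo full ;;           # ls and cd both work
        yesno)  echo names-only ;;     # ls shows names; cd and stat of entries fail
        noyes)  echo traverse-only ;;  # cd and access by known name; ls fails
        *)      echo none ;;
    esac
}

# Succeed if "other" has x on TARGET and on every directory up to ROOT.
other_can_enter() {
    dir=$1
    while :; do
        case $(other_bits "$dir") in ??x|??t) ;; *) return 1 ;; esac
        case $dir in "$2"|/|.) return 0 ;; esac
        dir=$(dirname "$dir")
    done
}

# Constructed layout: a throwaway "home" tried with the modes used in the answers.
demo() {
    home=$(mktemp -d) || return 1
    mkdir "$home/Public" "$home/Documents"
    chmod 700 "$home/Documents"; chmod 755 "$home/Public"
    for mode in 700 711 744 755; do
        chmod "$mode" "$home"
        if other_can_enter "$home/Public" "$home"; then reach=yes; else reach=no; fi
        echo "home=$mode: home is $(other_access "$home"), Public reachable: $reach"
    done
    rm -rf "$home"
}
demo
```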