linux - How can I prevent other users from seeing the contents of my home directory?

06
2014-04
  • Charlie

    I have a box with multiple users on it and I want everyone to be able to have full access to their home folders, but not be able to see the contents of /home/ or another user's home folder (I.E. bob has full access to /home/bob but cannot access or even see the contents of /home/john)

    Right now users can see other user's home folders but can't modify what's inside.

    How do I prevent them from seeing the contents at all?

    • Answers
  • Area 51

    Change the permissions of the Home folder...

    You need to modify the Home folder's permissions using either:

    • chmod
    • the 'File Permissions' dialog (Nautilus Only)

    for chmod

    Open a terminal in the home folder and chmod the permissions

    chmod go-rwx [usersHomeFolder]

    for the 'File Permissions' dialog

    • right-click the usersHomeFolder
    • select 'properties'
    • under the 'permissions' tab change the owner to your user name if it isn't already set, change the group to none, and change other to none.

    See this link for more info.


    • Related Question

    osx - How can I prevent others from seeing the contents of my home directory, except for the public folder?
  • stalepretzel

    On Mac OS X, it's relatively easy to prevent people from seeing the files contained in your home directory: chmod 700 ~

    I'd like to perform a variation of that. I want it so that when people open /Users/stalepretzel, they only see one folder listed: Public. From there, I'd like to set the permissions of Public so that people can enter that folder and read anything that's not specified otherwise.

    Again, to clarify, I'd like it so another non-admin user could execute:

    $ cd /Users/stalepretzel; ls
Public
$ cd Public
All     the     contents     of
my      public  folder

    • Related Answers
  • jtb

    I'm afraid this isn't possible. A user can't access any file or folder anywhere in the tree of a directory for which he doesn't have read permissions. If the user does have read permissions for a directory (and all its superdirectories), he can ls and see all the files it contains.

    It might not feel quite so tidy, but if you want to prevent users from being able to ls your home directory you'll have to create Public somewhere outside of ~. If it's easier for you to access your own public directory from ~/Public, make a symlink (e.g. ln -s ~/Public /Users/Shared/stalepretzel).

  • jrg

    I don't think you can do any better than (standard Unix stuff):

    $ chmod 711 ~/
$ chmod g-rx,o-rx ~/*
$ chmod 755 ~/Public

    to make your home directory traversable, but unreadable, and everything else apart from 'Public' inaccessible.

    [Unix permission recap - Execute bits on a directory allow traversal, Read bits allow seeing the contents.]

    Unfortunately that doesn't allow anyone to see that your Public folder exists - and there's no way to do that, because the existence of the Public folder depends upon being able to read your home directory as that's the "file" that contains it (names are in parent directories, permissions are part of the file inode.)

  • Swish

    Open your home dir to be read:

    $ chmod 0744 ~

    and hide everything in there:

    $ chmod 700 ~/*

    then open up just the Public directory:

    $ chmod 0744  ~/Public

    Note: Edited the command order to make it correct