Thread: Give users access to only home directory

  1. #1
    Join Date
    Dec 2012
    Beans
    26

    Give users access to only home directory

    Hi everyone,
    I was wondering if there's a way to give users access to only a certain directory (i.e. the home directory, as the title says). I'm trying to allow friends to ssh/sftp into the server without allowing them to screw anything up or snoop around. The only access is through SSH/SFTP, if that helps. Based on what the internet is saying, chroot is the best option (not sure what that really is), but I'm relatively new to Linux and am completely confused. If someone could give me a detailed step-by-step walkthrough on how to implement chroot or some other way to accomplish the same thing, it would be great.

    Thanks,
    Ubuntu Server Edition 12.04 (LTS)

  2. #2
    Join Date
    Dec 2007
    Beans
    17

    Re: Give users access to only home directory

    Create a user account on the server for them and when they ssh into the machine they will have to use their own credentials. As long as you do not grant sudo "root" privileges to the user you should be fine.

  3. #3
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: Give users access to only home directory

    I would also override the insecure Ubuntu default of having all users be able to browse other users' directories:

    Code:
    cd /home
    sudo chmod 700 *
    Now /home/username is only visible to its owner. To make this the default for all new users, edit /etc/adduser.conf and set "DIR_MODE" to 0700 instead of the 0755 default.

  4. #4
    Join Date
    Dec 2012
    Beans
    26

    Re: Give users access to only home directory

    Quote Originally Posted by SeijiSensei View Post
    I would also override the insecure Ubuntu default of having all users be able to browse other users' directories:

    Code:
    cd /home
    sudo chmod 700 *
    Now /home/username is only visible to its owner. To make this the default for all new users, edit /etc/adduser.conf and set "DIR_MODE" to 0700 instead of the 0755 default.
    Thanks for the response, but I don't think this will work for my needs. I have many other users with all different levels of access, so by using chmod on everything it would affect my other users.

  5. #5
    Join Date
    Dec 2012
    Beans
    26

    Re: Give users access to only home directory

    Quote Originally Posted by skinnymg1 View Post
    Create a user account on the server for them and when they ssh into the machine they will have to use their own credentials. As long as you do not grant sudo "root" privileges to the user you should be fine.
    I already have the account created and stopped them from using sudo and switching accounts; however, I still don't want to give them access to any other folders that I have made public (i.e. Apache web server, DLNA media server, etc.), which are public so all other users can access them.

  6. #6
    Join Date
    Jan 2007
    Beans
    6,537
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Give users access to only home directory

    Quote Originally Posted by bellygrevios View Post
    Thanks for the response, but I don't think this will work for my needs. I have many other users with all different levels of access, so by using chmod on everything it would affect my other users.
    Each user will still have access to their own home directory, so unless they really, really need to be able to peek in each others' home folders there's no problem.

    If you did need some users to be restricted and some not, then using permissions is still the way forward. Simply add those users you want to have access to a special group, give that group read access and cut off everybody else. Sorting this kind of stuff is exactly what commands like chmod and the Linux permissions system are for.

  7. #7
    Join Date
    Nov 2011
    Location
    /dev/root
    Beans
    Hidden!

    Re: Give users access to only home directory

    Quote Originally Posted by Paqman View Post
    Each user will still have access to their own home directory, so unless they really, really need to be able to peek in each others' home folders there's no problem.

    If you did need some users to be restricted and some not, then using permissions is still the way forward. Simply add those users you want to have access to a special group, give that group read access and cut off everybody else. Sorting this kind of stuff is exactly what commands like chmod and the Linux permissions system are for.
    +1
    Use the group permissions to allow the priority users to read and run each other's files, but keep the others out.

  8. #8
    Join Date
    Feb 2013
    Beans
    Hidden!

    Re: Give users access to only home directory

    You may want to know how specific privileges are managed in Ubuntu: Security/Privileges

  9. #9
    Join Date
    Dec 2012
    Beans
    26

    Re: Give users access to only home directory

    Quote Originally Posted by sudodus View Post
    +1
    Use the group permissions to allow the priority users to read and run each other's files, but keep the others out.
    My other users need to be able to look in a media directory and other files not under /home (such as /var/www and others). I can't just stop them from accessing every system folder.

  10. #10
    Join Date
    Aug 2012
    Beans
    Hidden!

    Re: Give users access to only home directory

    Quote Originally Posted by bellygrevios View Post
    Thanks for the response, but I don't think this will work for my needs. I have many other users with all different levels of access, so by using chmod on everything it would affect my other users.
    Then set permissions of 755 for the directories you want left alone (readable to all) and use permissions of 700 on home folders you don't want as accessible. Accounts set to 700 permissions are then protected from prying eyes, as your opening post indicated you wanted, but are still fully usable to their owner and root too of course, just not other users.
    Remove the * (wildcard) in SeijiSensei's post command and replace it with the actual usernames, one by one, and set the permissions as you indicated you require.

    Edit: on rereading Paqman's post, that is a much better way; setting a special group for the permissions handling would allow easier management for new users added than what I posted above, OP. A much better option really. Cheers and good luck.
    Last edited by coldcritter64; March 14th, 2013 at 11:24 PM.
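
    The per-user and group-based permission approaches discussed in this thread, as an added example that is not part of any post: it audits which directories under a base path are open to group or other, applies a mode to named directories only (instead of the `*` wildcard), and hands a directory to a group with mode 750. The function names are made up for this example, and the base path, directory names and group are whatever the caller passes in.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and names are supplied by the caller.

# Refuse names that could escape the base directory.
safe_name() { case $1 in ''|.|..|*/*) return 1 ;; esac; }

# Print "mode name" for each real directory under $1 that grants any
# permission to group or other (symlinks are skipped).
audit_homes() {
    base=${1:-/home}
    for d in "$base"/*/; do
        d=${d%/}
        if [ -d "$d" ] && [ ! -L "$d" ]; then
            mode=$(stat -c '%a' "$d")          # GNU stat, as on Ubuntu
            if [ $(( 0$mode & 077 )) -ne 0 ]; then
                printf '%s %s\n' "$mode" "${d##*/}"
            fi
        fi
    done
}

# Apply mode $2 to the named directories under $1 only (no wildcard).
set_home_mode() {
    base=$1 mode=$2; shift 2
    for name in "$@"; do
        d=$base/$name
        if safe_name "$name" && [ -d "$d" ] && [ ! -L "$d" ]; then
            chmod "$mode" "$d"
        else
            printf 'skipped: %s\n' "$d" >&2
        fi
    done
}

# Group variant: hand directory $2 under $1 to group $3 and set 750, so
# members can read it and everybody else is cut off. The group must
# already exist (e.g. created with groupadd) and contain the chosen users.
share_with_group() {
    d=$1/$2
    safe_name "$2" && [ -d "$d" ] && [ ! -L "$d" ] || return 1
    chgrp "$3" "$d" && chmod 750 "$d"
}
```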
