limiting users to their home directory

[H.S.]

Loïc Grenié wrote:
> 2008/12/23 H.S. <hs.samix at gmail.com>:
>> Nick Smith wrote:
>>> I run a small webserver with ubuntu 7.04 and would like to lock each
>>> user down to be able to see/edit only files in his directory,
>>> and disable ssh access.
>> There have been many responses to this post. I just want to throw
>> another point of view (if it hasn't been mentioned already).
>>
>> From your query above, it appears you want users to not see anything at
>> all other than their own home. I am not sure this is easy to do, if at
>> all possible. They will at least have to see (able to read and execute)
>> the commands they use (ls, rm, mkdir, etc.). So here itself I see some
>> contradictions in your query above.
> 
>      You do not need to be able to read a command to execute it. You
>   can deny the read permission to most of the command (not the
>   shell-scripts, though). You can also deny the read permission of the
>   directories (that disallows the browsing).
> 
> (as root)
> chmod 711 /bin
> chmod 755 /bin/ls
> (as user)
> ls
> 
>    works the same as usual.
> 
>          Loïc
> 

Okay. But I do not see its use if the OP desires this. And what about
conf files and default desktop files the various window managers use?
And the system font files?

Also, if the OP sets the user's default permissions with rwX with no
permissions for groups and others, except in the case of ~/www
directories, wouldn't this achieve what he wants to do?

What I do not understand yet is does the OP want to hide *all* of the
system from each user or just other users?



-- 

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.