limiting users to their home directory

Loïc Grenié loic.grenie at gmail.com
Tue Dec 23 21:00:51 UTC 2008


2008/12/23 H.S. <hs.samix at gmail.com>:
> Loïc Grenié wrote:
>> 2008/12/23 H.S. <hs.samix at gmail.com>:
>>> Nick Smith wrote:
>>>> I run a small webserver with ubuntu 7.04 and would like to lock each
>>>> user down to be able to see/edit only files in his directory,
>>>> and disable ssh access.
>>> There have been many responses to this post. I just want to throw
>>> another point of view (if it hasn't been mentioned already).
>>>
>>> From your query above, it appears you want users to not see anything at
>>> all other than their own home. I am not sure this is easy to do, if at
>>> all possible. They will at least have to see (able to read and execute)
>>> the commands they use (ls, rm, mkdir, etc.). So here itself I see some
>>> contradictions in your query above.
>>
>>      You do not need to be able to read a command to execute it. You
>>   can deny the read permission to most of the commands (not the
>>   shell-scripts, though). You can also deny the read permission of the
>>   directories (that disallows the browsing).
>>
>> (as root)
>> chmod 711 /bin
>> chmod 755 /bin/ls
>> (as user)
>> ls
>>
>>    works the same as usual.
>>
>>          Loïc
>>
>
> Okay. But I do not see its use if the OP desires this. And what about
> conf files and default desktop files the various window managers use?
> And the system font files?
>
> Also, if the OP sets the user's default permissions with rwX with no
> permissions for groups and others, except in the case of ~/www
> directories, wouldn't this achieve what he wants to do?
>
> What I do not understand yet is does the OP want to hide *all* of the
> system from each user or just other users?

    This is what I understand: he wants to hide all the system from
  all users. Other users' directories are easy: chmod 700 /home/*
  plus some usage of mount -o bind to let apache see the
  www dirs.

    Nick Smith, the first poster, asked specifically

I [...] would like to lock each user down to be able to see/edit
only files in his directory, and disable ssh access. [...]
Seems like that would be a huge security risk to have a user
able to browse to any directory he wishes and open/download
the contents.

    Being able to read the files of other users does not look
  like a "huge security risk". A privacy risk maybe, a small
  security risk (if some user has left a readable private key
  in a readable dir). Therefore I conclude that the first poster
  wanted to deny to all users the access to all the system
  except to their own files. As far as I can tell (and everybody
  else here) it is nearly impossible and mostly useless.

    I repeat here what has been said before by various persons
  (including my very own self): it is *not* a huge security risk
  to let anybody see and download most of the operating
  system. Obviously the private keys of the system must
  not be accessible, nor the encrypted passwords (even though
  I hope the encryption algorithm is better than what it was
  20 years ago). The sensitive files are unreadable by default,
  so that an Ubuntu system is mostly safe as is. Preventing
  users from reading the files does *not* significantly improve the
  security (think: 0.1% more secure). Keeping the system
  patched is a *much* better security improvement, checking
  if the system is properly configured is *much* *better* (and
  in that case not letting the users read the files has 0 impact
  on security).

      Loïc
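An added example, not from the thread, that reproduces the chmod 711 point on a scratch tree instead of /bin: a directory with execute but no read permission can still be traversed to run a known entry, but listing it is refused (for unprivileged users; root bypasses the permission bits). The tool script, sandbox paths and output string are constructed for this demonstration.

```shell
#!/bin/sh
# Added example: execute-without-read on a directory, as in "chmod 711 /bin".
set -u

SANDBOX=$(mktemp -d)            # constructed scratch tree, stands in for /
mkdir "$SANDBOX/bin"

# A shell script standing in for a command such as /bin/ls. It must stay
# readable (755) because the interpreter reads it; compiled binaries could
# themselves be 711, which is the caveat about shell scripts in the thread.
printf '#!/bin/sh\necho hello-from-tool\n' > "$SANDBOX/bin/tool"
chmod 755 "$SANDBOX/bin/tool"

# Directory is traversable (x) but not readable (r): no browsing.
chmod 711 "$SANDBOX/bin"

# Prints "listable" if the directory contents can be enumerated, else "denied".
listing_status() {
    if ls "$1" >/dev/null 2>&1; then echo listable; else echo denied; fi
}

# Returns 0 if a command under the 711 directory still runs by its full path.
can_run_known_path() {
    "$1/bin/tool" 2>/dev/null | grep -q hello-from-tool
}

# Stand-alone demonstration of both behaviours.
demo() {
    echo "listing $SANDBOX/bin: $(listing_status "$SANDBOX/bin")"
    if can_run_known_path "$SANDBOX"; then
        echo "running tool by known path: works"
    else
        echo "running tool by known path: fails"
    fi
}
demo
```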
