Prevent a user from seeing a list of other users' home dirs
I want to prevent a user from seeing a list of the home directories of other users. By default, a user cannot access another user's home dir but can find another user's home dir like below:
[opc@instance-20210712-0826 home]$ cd /home
[opc@instance-20210712-0826 home]$ ls -lh
total 8.0K
drwx------. 10 opc opc 4.0K Nov 14 22:52 opc
drwx------. 2 otheruser otheruser 62 Nov 28 18:19 otheruser
drwx------. 3 yaskur yaskur 4.0K Nov 28 01:45 yaskur
In other words, a user can see a list of other users (based on home dir). I want to prevent it. It's similar to what WHM/cPanel does: if I log in as a user, I cannot see other users' home dirs:
[myuser@sng128 ~]$ cd /home
[myuser@sng128 home]$ ls -l
total 4
drwx--x--x 25 myuser myuser 4096 Nov 28 08:27 myuser
I use Oracle Linux which is similar to CentOS or Rocky Linux.
Solution 1:
Restrictive file permissions do not prevent a user from enumerating other users and their home directories. getent passwd from glibc will list users including their home directories. The underlying getpwent() function can also be called by a program.
To fully prevent any user from listing other users' home directories, isolate the user. As in, give them their own container. Although "container" could be implemented in a variety of ways: hardware VM, software VM (User Mode Linux), OpenVZ, chroot, podman containers, or the Linux User and PID isolation namespaces in general.
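The point made in Solution 1, as an added example that is not part of the original answer: a small audit script that compares what a directory listing of /home shows with what the passwd database returns through getpwent(). The sample passwd text is constructed to mirror the accounts in the question, and the UID threshold of 1000 and the function names are assumptions of this example.

```python
import os
import pwd

# Constructed passwd(5) sample mirroring the accounts shown in the question.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
opc:x:1000:1000:Oracle Public Cloud User:/home/opc:/bin/bash
yaskur:x:1001:1001::/home/yaskur:/bin/bash
otheruser:x:1002:1002::/home/otheruser:/bin/bash
"""

UID_MIN = 1000  # assumption: first regular-account UID, as in a default login.defs


def homes_from_passwd_text(text, uid_min=UID_MIN):
    """Parse passwd(5) text into {login: home} for regular accounts."""
    homes = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7:
            continue  # skip comments and malformed entries
        name, uid, home = fields[0], fields[2], fields[5]
        if uid.isdigit() and int(uid) >= uid_min:
            homes[name] = home
    return homes


def homes_from_nss(uid_min=UID_MIN):
    """Same mapping read through getpwent(), the call behind `getent passwd`."""
    return {p.pw_name: p.pw_dir for p in pwd.getpwall() if p.pw_uid >= uid_min}


def known_but_not_listed(homes, listed_names):
    """Logins whose home is absent from a directory listing yet still known."""
    return sorted(u for u, h in homes.items()
                  if os.path.basename(h) not in listed_names)


if __name__ == "__main__":
    try:
        listed = set(os.listdir("/home"))
    except OSError:  # /home itself is not readable by this user
        listed = set()
    homes = homes_from_nss()
    print("visible in /home listing:", sorted(listed))
    print("still enumerable via NSS:", known_but_not_listed(homes, listed))
```

Run as an unprivileged user on a host where the /home listing has been restricted, any login in the second line of output is still discoverable, which is why the answer recommends isolation rather than permissions.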