Prevent user from seeing list of other users' home dirs

I want to prevent a user from seeing a list of home directories (of other users). By default, a user cannot access another user's home dir but can find other users' home dirs like below:

[opc@instance-20210712-0826 home]$ cd /home
[opc@instance-20210712-0826 home]$ ls -lh
total 8.0K
drwx------. 10 opc       opc       4.0K Nov 14 22:52 opc
drwx------.  2 otheruser otheruser   62 Nov 28 18:19 otheruser
drwx------.  3 yaskur    yaskur    4.0K Nov 28 01:45 yaskur

In other words, a user can see a list of other users (based on home dirs). I want to prevent it. It's similar to what WHM/cPanel does: if I log in as a user, I cannot see other users' home dirs:

[myuser@sng128 ~]$ cd /home
[myuser@sng128 home]$ ls -l
total 4
drwx--x--x 25 myuser myuser 4096 Nov 28 08:27 myuser

I use Oracle Linux which is similar to CentOS or Rocky Linux.


Solution 1:

Restrictive file permissions do not prevent a user from enumerating other users and their home directories. getent passwd from glibc will list users including their home directories. The underlying getpwent() function can also be called by a program.

To fully prevent any user from listing other users' home directories, isolate the user. As in, give them their own container. Although "container" could be implemented a variety of ways: hardware VM, software VM (User Mode Linux), OpenVZ, chroot, podman containers, or the Linux User and PID isolation namespaces in general.
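
The answer's point about getpwent(), as an added audit example that is not part of the original answer: Python's `pwd.getpwall()` reads the same passwd database, and the script compares it with what a listing of /home shows. The function names and the `SAMPLE` entries (constructed from the usernames in the question) are assumptions made for illustration.

```python
import os
import pwd
from pathlib import PurePosixPath

def homes_under(entries, root="/home"):
    """Map username -> home dir for passwd entries whose home lies below root."""
    root_path = PurePosixPath(root)
    return {e.pw_name: e.pw_dir for e in entries
            if root_path in PurePosixPath(e.pw_dir).parents}

def listing_visible(root="/home"):
    """Names a listing of root would show, or None when listing is denied."""
    try:
        return set(os.listdir(root))
    except OSError:
        return None

def known_only_via_passwd(entries, visible, root="/home"):
    """Users hidden from a listing of root whose home is still in passwd."""
    seen = visible or set()
    return sorted(
        user for user, home in homes_under(entries, root).items()
        if PurePosixPath(home).relative_to(root).parts[0] not in seen
    )

# Constructed sample entries: the accounts from the question plus root.
SAMPLE = [pwd.struct_passwd(t) for t in (
    ("root", "x", 0, 0, "", "/root", "/bin/bash"),
    ("opc", "x", 1000, 1000, "", "/home/opc", "/bin/bash"),
    ("otheruser", "x", 1001, 1001, "", "/home/otheruser", "/bin/bash"),
    ("yaskur", "x", 1002, 1002, "", "/home/yaskur", "/bin/bash"),
)]

if __name__ == "__main__":
    # Live check: run as the unprivileged account you want to confine.
    entries = pwd.getpwall()
    visible = listing_visible()
    print("listing of /home:", "denied" if visible is None else sorted(visible))
    for user in known_only_via_passwd(entries, visible):
        print("known only via passwd database:", user, homes_under(entries)[user])
```

Run inside the confined environment (container, chroot, namespace), an empty second list confirms that the isolation also hides the account database, not just the directory listing.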