How to prevent access to a folder by other users?

I want to disallow reading of files in my home directory by other users. How should I accomplish this? Should I use encryption? If so, how do I do that?


  1. If you mean the files in /home, you're right. The default folder permissions are 755 (readable and executable/accessible by others).

    You can change the default permissions for all new folders by editing the file /etc/adduser.conf - Find the line...:

    DIR_MODE=0755
    

    To block others, change it to:

    DIR_MODE=0750
    

    To also block people in the same group (see ls -l /home) change it to:

    DIR_MODE=0700
    

    Changes will take effect when you create a new user.

  2. You can also change the default umask value - edit the file /etc/login.defs:

    The default umask 002 is used for normal users. With this mask, default directory permissions are 775 and default file permissions are 664.

    The default umask for the root user is 022, which results in default directory permissions of 755 and default file permissions of 644.

    For directories, the base permissions are (rwxrwxrwx) 0777 and for files they are 0666 (rw-rw-rw).

    In short,

    A umask of 022 allows only you to write data, but anyone can read data.

    A umask of 077 is good for a completely private system. No other user can read or write your data if umask is set to 077.

    A umask of 002 is good when you share data with other users in the same group. Members of your group can create and modify data files; those outside your group can read data files, but cannot modify them. Set your umask to 007 to completely exclude users who are not group members.

    Source: http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html

  3. You can change the default file/folder permissions (i.e. when you create a new file) of a specific folder by using these commands:

    chmod g+s /folder/mypath  # set the setgid bit (new files inherit the folder's group)
    setfacl -d -m g::rwx /folder/mypath  # default ACL: group gets rwx
    setfacl -d -m o::000 /folder/mypath  # default ACL: others get no access
    

    Verify the change:

    getfacl /folder/mypath
    

    Source: https://unix.stackexchange.com/questions/1314/how-to-set-default-file-permissions-for-all-folders-files-in-a-directory

    https://www.linuxquestions.org/questions/linux-desktop-74/applying-default-permissions-for-newly-created-files-within-a-specific-folder-605129/

    For clarification, the /root folder is by default set as non-readable:

    $ ls -ld /root
    drwx------ 9 root root 4096 Jul 27 19:00 /root
    
  4. You can instantly change the permissions of existing files/folders using the chmod and chown commands, described here: http://www.cyberciti.biz/faq/how-to-use-chmod-and-chown-command/

    The same effect can be accomplished by right-clicking on a file/folder > Properties > Permissions.
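
The umask and DIR_MODE values in the answer above can be checked by creating scratch files and directories and reading back their modes. The script below is an added example, not part of either answer; the function names are made up for illustration, and it assumes GNU stat and mktemp as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils (stat -c, mktemp -d).

# Print "<dir-mode> <file-mode>" for objects created under umask $1.
# The function body is a subshell, so the caller's umask is left unchanged.
modes_for_umask() (
    tmp=$(mktemp -d) || exit 1      # scratch directory, removed below
    umask "$1"
    mkdir "$tmp/d"                  # mkdir asks for 0777; umask bits are cleared
    : > "$tmp/f"                    # redirection asks for 0666; umask bits are cleared
    echo "$(stat -c %a "$tmp/d") $(stat -c %a "$tmp/f")"
    rm -rf "$tmp"
)

# Print the permission digit that applies to "other" users for path $1
# (0 means users outside the owner and group have no access).
other_bits() {
    m=$(stat -c %a "$1") || return 1
    echo $(( 0$m & 7 ))
}

# Give a scratch directory mode $1 (as DIR_MODE would for a new home
# directory) and print what "other" users get on it.
other_bits_for_mode() (
    tmp=$(mktemp -d) || exit 1
    chmod "$1" "$tmp"
    other_bits "$tmp"
    rmdir "$tmp"
)

for mask in 022 077 002 007; do
    printf 'umask %s -> dir/file modes: %s\n' "$mask" "$(modes_for_umask "$mask")"
done
for dirmode in 0755 0750 0700; do
    printf 'DIR_MODE=%s -> other bits: %s\n' "$dirmode" "$(other_bits_for_mode "$dirmode")"
done
```

Running `other_bits "$HOME"` on a real account shows whether other users can currently enter the home directory; any non-zero digit means they can.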


Let's say your folder is OKBAI and you want only the root user to access it.

Just run this command.

    sudo chown -R root:root OKBAI
    sudo chmod 0750 OKBAI

But this method is not very practical. It is just a simple way to prevent your guest from accessing your folder. If I got anything wrong here, please let me know.