How can I prevent users accessing anything but their own home directory?

How can I prevent users accessing anything but their own home directory?

For example, I have a NTFS partition mounted under /media/ntfs, so if the user logs in through ssh he can reach this partition. How can I disable the users to cd out from their home directory?


Reassess your requirement first. What is the problem you are trying to solve? Why do you want to prevent users from leaving their home directory? Isn't it rather that you don't want them to rummage through specific other directories -- such as the home directories of other users?

It is very difficult to prevent users from leaving their home directory. It is actually a bit silly, too (explanation follows). It is much simpler to prevent users from entering directories you don't want them to enter.

First off, yes you can give users a so-called restricted shell, see man rbash. This will prevent them from cd-ing elsewhere, but only inside that shell. If the user starts vi or nano (or any other program capable of opening a file) they can again open files anywhere on the system. As a matter of fact, a restricted shell does not prevent e.g. cat /etc/passwd.

The next step up is a root jail. More info on the community wiki and in this question. Though a root jail will lock users inside a walled garden, within which they have access to nothing but the files and commands that you intentionally put there, root jails really are intended for isolating untrusted software rather than users. In particular, they are for software that needs to run with elevated privileges -- hence a root jail.

Users, on the other hand, are trusted: they have had to authenticate and run without elevated privileges. Therefore file permissions suffice to keep them from changing files they do not own, and from seeing things they must not see. To prevent users from reading the content of a file, remove its world-readability with chmod o-r FILE . To keep users out of a directory, make it world-inaccessible with chmod o-rwx DIR.

World-readability is the default though, for good reason: users actually need most of the stuff that's on the file system. Don't lock users in their homes just because there exist secrets outside.

Why locking users in their home directory is a bit silly

To do anything useful, users need access to commands and applications. These are in directories like /bin and /usr/bin, so unless you copy all commands they need from there to their home directories, users will need access to /bin and /usr/bin. But that's only the start. Applications need libraries from /usr/lib and /lib, which in turn need access to system resources, which are in /dev, and to configuration files in /etc and /usr/share.

This was just the read-only part. Applications will also want /tmp and often /var to write into. So, if you want to constrain a user within his home directory, you are going to have to copy a lot into it. In fact, pretty much an entire base file system -- which you already have, located at /.


I needed to provide access to user sam on /var/xyz only and block listing contents of other folders inside /var/

I used the following sequence of commands:

setfacl -R -m user:sam:--- /var/

setfacl -m user:sam:rx /var/

setfacl -R -m user:sam:rwx /var/xyz/

So the user can see directories listed under /var/ but cannot see contents under sub directories except /var/xyz.


To complete the answer of @Willman, you can simply do this :

First, for users to not list all users home directories :

chmod 701 /home

But if you know the path of a user's home directory, you can still access it with cd.

So you could just chmod 750 all of your already-created users directories.

But what we want here is to prevent any new user's home directory to have a 755 permission on it. There is a file responsible of the configuration of new users : /etc/adduser.conf :

Just change DIR_MODE=0755 to DIR_MODE=0750