Lesson 10 : Prevent Home Folders Browsing on Ubuntu Systems

Student lesson assignment: How do you prevent account users from browsing all home directories on Ubuntu systems?

By default, every account holder on an Ubuntu system can browse the home directories of all other users. Users may not be able to edit or delete content in another user's home folder, but they can view all of it unless the owner of the folder changes its permissions manually.

Isolating users' home directories is important, especially in a shared hosting environment. A user shouldn't be allowed to browse another user's content right out of the box.

To prevent this, this brief tutorial shows you how to configure Ubuntu so that users' home directories are not world-viewable.

To check the current setting, log on to Ubuntu and press Ctrl+Alt+T on your keyboard. Doing that will open the command console. Then type the line below and press Enter.

ls -ld /home/username

Replace username with a valid account name and the result will show the permission as below.

drwxr-xr-x 17 richard richard 4096 Sep 21 20:28 /home/username

The r letters in the group and others positions show that the group and everyone else can view content in the home directory of the user called richard. r stands for read access. The permission scheme on Linux systems gives the first three letters to the owner, the next three to the group, and the last three to others.

The d stands for directory. Not relevant here.

Step 1 : Disable User Access to Directories

To disable other users' access to a particular home directory, run the command below.

sudo chmod 0750 /home/username

In the command above, 7 gives the owner full rights. 5 means the user's group, which usually has the same name as the username, can read and execute. 0 means everyone else has no access to the user's home directory.

Step 2 : Disable users access to home directories by DEFAULT

To build this into Ubuntu systems so that every new user will have their folder protected, open the adduser.conf file by running the command below.

sudo nano /etc/adduser.conf

Then change the line with DIR_MODE=0755 to 0750 and save the file.

# If DIR_MODE is set, directories will be created with the specified
# mode. Otherwise the default mode 0755 will be used.
DIR_MODE=0750

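This is how you do it. Going forward, all new users will be created with their home directories protected. Home directories that already exist keep their current permissions until you change them as shown in Step 1.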
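To confirm that both steps took effect, the script below lists home directories that still grant access to others and reports the active DIR_MODE value. It is an added example, not part of the original lesson; the function names and the sample tree (alice, bob, carol) are constructed for illustration, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit home directories for access by "others".
# Assumes GNU stat (coreutils), as shipped on Ubuntu.

# List every directory directly under $1 (default /home) whose mode
# grants any permission to "others", i.e. last octal digit is not 0.
# The body runs in a subshell so its variables stay local.
audit_homes() (
    base=${1:-/home}
    for dir in "$base"/*; do
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        mode=$(stat -c '%a' "$dir")
        case $mode in
            *0) ;;                                  # others: no access
            *)  printf '%s %s\n' "$mode" "$dir" ;;  # world-accessible
        esac
    done
)

# Print the active (uncommented) DIR_MODE value from an
# adduser.conf-style file; prints nothing if it is not set.
configured_dir_mode() {
    sed -n 's/^[[:space:]]*DIR_MODE=\([0-7]\{3,4\}\).*/\1/p' \
        "${1:-/etc/adduser.conf}" | tail -n 1
}

# Build a constructed sample tree (not real accounts) for a dry run.
make_sample() (
    root=$(mktemp -d)
    mkdir -p "$root/home/alice" "$root/home/bob" "$root/home/carol"
    chmod 0755 "$root/home/alice"   # default mode: world-readable
    chmod 0750 "$root/home/bob"     # mode set in Step 1
    chmod 0700 "$root/home/carol"   # owner only
    printf '# sample\nDIR_MODE=0755\n' > "$root/adduser.conf"
    printf '%s\n' "$root"
)

sample=$(make_sample)
echo "World-accessible homes in sample tree:"
audit_homes "$sample/home"
echo "DIR_MODE for new users: $(configured_dir_mode "$sample/adduser.conf")"
rm -rf "$sample"
```

On a real system, call audit_homes and configured_dir_mode with no arguments to check /home and /etc/adduser.conf.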


Enjoy!
