I want to give third parties access to the server, but I want to limit their scope so that they cannot see anything beyond their home directory. What if I recursively set a prohibition on reading all files for guests?

Will the OS then work normally or will it cause problems?

  • And how will access be granted? If over ssh, then there is a setting that prohibits the user from moving to their home (or any other) directory - torokhkun
  • And how to close the move above the home directory? - Artem Chernov
  • What you have in mind will lead to the inoperability of your system. Perhaps you will be satisfied not with the provision of a shell, but with the provision of file access: ru.stackoverflow.com/a/424719/178576 - aleksandr barakin
  • If you provide a shell, at least /tmp should be writable. Look towards chroot. - VladD

1 answer

Home directories can have an access mode of 750 and it will not hurt anyone.

Most programs will work fine if you disable reading of directories ( find / -type d | xargs chmod o-r ) without changing anything on the files. Thus, users will still be able to access files if they know the name exactly (access to files is provided by the x bit of the directory).

Access to the process list can be restricted by mounting /proc with the hidepid option.
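An added example, not part of the original answer: a small audit script that checks the three settings the answer mentions (home directory mode, directories still listable by others, and hidepid on /proc). The function names and the sample tree are assumptions made for illustration, and GNU find is assumed for -perm /007.

```shell
#!/bin/sh
# Added example; function names and sample data are illustrative assumptions.

# Home directories under $1 that grant any permission bit to "others"
# (anything looser than 750 in the last octal digit).
homes_open_to_others() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /007 | sort
}

# Directories under $1 that others can still list (o+r). After `chmod o-r`
# the x bit remains, so files open by exact name but cannot be enumerated.
dirs_listable_by_others() {
    find "$1" -xdev -type d -perm -004 | sort
}

# hidepid value of the /proc entry in a mounts table ($1, e.g. /proc/mounts).
# Prints 0 when the option is absent; fails when /proc is not listed.
proc_hidepid() {
    awk '$2 == "/proc" && $3 == "proc" {
             v = "0"; n = split($4, opt, ",")
             for (i = 1; i <= n; i++)
                 if (opt[i] ~ /^hidepid=/) v = substr(opt[i], 9)
             print v; found = 1; exit
         }
         END { if (!found) exit 1 }' "$1"
}

# Constructed sample: two home directories, a small tree, two mounts tables.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/alice" "$d/home/bob" "$d/srv/data/reports"
    chmod 750 "$d/home/alice"; chmod 755 "$d/home/bob"
    chmod 755 "$d/home" "$d/srv" "$d/srv/data"
    chmod 711 "$d/srv/data/reports"  # o-r applied, x bit kept
    printf '%s\n' 'proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0' \
        > "$d/mounts.hardened"
    printf '%s\n' 'proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0' \
        > "$d/mounts.default"
    echo "$d"
}

# Run against the constructed sample when called as: sh audit.sh demo
if [ "${1:-}" = "demo" ]; then
    s=$(make_sample)
    homes_open_to_others "$s/home"
    dirs_listable_by_others "$s/srv"
    proc_hidepid "$s/mounts.hardened"
    rm -rf "$s"
fi
```

On a real host the same functions would be pointed at /home, at the tree to be checked, and at /proc/mounts.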