0

I have one directory that I would like to prevent a specific user from accessing. For example, /home/myuser/secret should not be readable, accessible, etc. to a specific user. He can see that the directory exists, but can't access / read its contents or modify it in any way.

How can I do that?

Andrius
  • Other user should "navigate" into that home dir and only "a specific" (or a subset) user could not? – DonCallisto Sep 17 '14 at 14:09
  • Other users, if not specified, can see that directory by default. But if I specify for a specific user that he can't see what's inside that dir, he should not see it – Andrius Sep 17 '14 at 14:10
  • Andrius: no, other users can't by default into a unix system. However, I'll answer you under here – DonCallisto Sep 17 '14 at 14:38

3 Answers

1

If the filesystem supports ACLs, you can do this:

setfacl -m "u:dude:---" /home/myuser/secret

Which says the user dude should have no access (neither r nor w nor x) to that directory.

To verify, run the getfacl command:

$ getfacl /home/myuser/secret
# file: home/myuser/secret
# owner: myuser
# group: myuser
user::rwx
user:dude:---
group::rwx
mask::rwx
other::r-x
Mark Plotnick
0

Hello, Linux permissions are set as a "whitelist". You are trying to specify a blacklist.

I'd create a group with all users who should have access.

0

If you want to let other users navigate an arbitrary /home/ dir of another user, but you want to deny others from doing that, you can proceed as follows:

  • let the group read and execute on that folder: chmod 750 /home/myuser/secret
  • create a group that will be assigned to that folder: groupadd secret_users
  • chown -R :secret_users /home/myuser/secret
  • add users to the group by editing the /etc/group file. Users inserted here could read files inside that folder, but other users can't
DonCallisto