I would like to create some users on my ubuntu server. I only want to let the users have read/write access to their home directories, and not be able to read or write to any other user's home directory. Does anyone have a suggestion how to do this? Like is there a way to create a group that has these permissions and then add all the users to the group? Or do I need to create each user, and just grant them only read/write permission on their home directory? I'm new to ubuntu server and when I create a new user, it seems to have all the same permissions that my account does.
Asked
Active
Viewed 1,930 times
1 Answers
0
First, this question is better suited for Ask Ubuntu, the stack exchange site specifically for ubuntu questions.
To answer your question, I'd recommend reading the ubuntu article on user management, everything you need to know is there. Here are the relevant sections:
To add or delete a personalized group, use the following syntax, respectively:
sudo addgroup groupname sudo delgroup groupnameTo add a user to a group, use the following syntax:
sudo adduser username groupname
When a new user is created, the adduser utility creates a brand new home directory named /home/username. The default profile is modeled after the contents found in the directory of /etc/skel, which includes all profile basics.
If your server will be home to multiple users, you should pay close attention to the user home directory permissions to ensure confidentiality. By default, user home directories in Ubuntu are created with world read/execute permissions. This means that all users can browse and access the contents of other users home directories. This may not be suitable for your environment.
To verify your current user home directory permissions, use the following syntax:
ls -ld /home/usernameThe following output shows that the directory /home/username has world-readable permissions:
drwxr-xr-x 2 username username 4096 2007-10-02 20:03 usernameYou can remove the world readable-permissions using the following syntax:
sudo chmod 0750 /home/usernameA much more efficient approach to the matter would be to modify the adduser global default permissions when creating user home folders. Simply edit the file /etc/adduser.conf and modify the DIR_MODE variable to something appropriate, so that all new home directories will receive the correct permissions.
DIR_MODE=0750After correcting the directory permissions using any of the previously mentioned techniques, verify the results using the following syntax:
ls -ld /home/usernameThe results below show that world-readable permissions have been removed:
drwxr-x--- 2 username username 4096 2007-10-02 20:03 username
Kyle
- 109
- 1
- 9