23

There's a specific user that I don't want to be able to access my home directory. How do I deny access to them, while still allowing access to others who would normally have it?

Rob John
  • 343
  • 2
  • 2
    IMO the best way is with encryption - https://help.ubuntu.com/community/EncryptedPrivateDirectory. If you want to have a finer grain of control you need to use ACL - https://help.ubuntu.com/community/FilePermissionsACLs and – Panther Apr 14 '15 at 14:30
  • 4
    @user68186 (and others) It may not be a duplicate as Rob may want to restrict only one user and not all users. – Panther Apr 14 '15 at 14:31
  • 1
    Thanks @bodhi.zazen for pointing this out. I will retract my close vote, but keep the link in comment, in case someone is looking for a more general solution. – user68186 Apr 14 '15 at 14:34
  • @bodhi.zazen Encryption and ACLs solve two completely different issues. Encryption may be worth a mention here, but it's not a solution. – Blacklight Shining Apr 14 '15 at 23:41
  • 2
    Please remove the close votes --- the question is NOT a duplicate; OP was asking to restrict access to just one user, which is not solved in the proposed duplicate. – Rmano Apr 15 '15 at 08:16
  • @BlacklightShining - I would not say they are completely different issues, they are different tools to restrict access with advantages and disadvantages. – Panther Apr 15 '15 at 20:48
  • 1
    @bodhi.zazen They restrict access at different levels, one of which is not applicable here. Encrypting your home directory won't prevent other users on the system from accessing it when it's mounted; restrictive permissions on the mountpoint (or a parent directory) will. – Blacklight Shining Apr 15 '15 at 23:12

1 Answer

30

If you want to limit access to users outside of your group or any other user, the question is a duplicate of Restrict access to my home folder from another standard user account

Otherwise, if you want to restrict access to just one user, call it enemyuser, use ACL:

cd ~
setfacl -m u:enemyuser:000 .

...and just enemyuser will have the access to your home directory denied.

To check the effect:

[romano@pern:~] % chacl -l .
. [u::rwx,u:enemyuser:---,g::r-x,m::r-x,o::r-x] 

To remove the ACL, you just say:

setfacl -x u:enemyuser .

The *acl commands used here are from the package acl, which should be installed by default (at least, I think).

Rmano
  • 31,947
  • Thanks a lot. Exactly what I wanted. In case I change my mind and I need to allow enemyuser access, what do I need to do? – Rob John Apr 14 '15 at 15:53
  • 4
    To remove the ACL, replace the -m with -x. – Riking Apr 14 '15 at 19:06
  • On my system, the command lsacl does not exist. Where did you get it? – Paddy Landau Apr 21 '15 at 11:25
  • @PaddyLandau oops, it's a script I got from the internet some time ago that pretty-prints long ACL lists. I changed the answer using standard tools. Here: https://lists.gnu.org/archive/html/coreutils/2014-10/msg00031.html – Rmano Apr 21 '15 at 12:40
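
Why the `u:enemyuser:---` entry in the answer denies access even though `g::r-x` and `o::r-x` are still present: the following is an added example, not code from the answer, that evaluates the short-form ACL shown by `chacl -l` in the order the POSIX ACL access check uses. The owning group `romano`, the user `friend` and the group `users` are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the answer): evaluate a short-form ACL, as printed by
# `chacl -l` without the brackets, in POSIX ACL check order for one permission.
# acl_allows ACL OWNER OWNING_GROUP USER "GROUPS" PERM   (PERM is r, w or x)
# Exit status: 0 = granted, 1 = denied.
acl_allows() {
    awk -v acl="$1" -v owner="$2" -v ogroup="$3" -v user="$4" \
        -v groups="$5" -v perm="$6" '
    function has(p) { return index(p, perm) > 0 }
    BEGIN {
        ng = split(groups, g, " ")
        for (i = 1; i <= ng; i++) ingroup[g[i]] = 1
        mask = "rwx"                       # no mask entry means nothing is masked
        n = split(acl, e, ",")
        for (i = 1; i <= n; i++) {
            split(e[i], f, ":")            # f[1]=tag  f[2]=qualifier  f[3]=perms
            if (f[1] == "m") mask = f[3]
            else if (f[1] == "o") other = f[3]
            else if (f[1] == "u" && f[2] == "") uobj = f[3]
            else if (f[1] == "u") named[f[2]] = f[3]
            else if (f[1] == "g") {
                name = (f[2] == "") ? ogroup : f[2]
                grp[name] = f[3]
            }
        }
        # 1. File owner: the u:: entry decides, the mask is not applied.
        if (user == owner) exit !has(uobj)
        # 2. Named user entry: decides alone; group and other are never consulted.
        if (user in named) exit !(has(named[user]) && has(mask))
        # 3. Group entries: granted if any matching entry (after the mask) grants it.
        matched = 0
        for (name in grp) if (name in ingroup) {
            matched = 1
            if (has(grp[name]) && has(mask)) exit 0
        }
        if (matched) exit 1
        # 4. Everyone else falls through to the other entry.
        exit !has(other)
    }'
}

# ACL string from the chacl output in the answer; group memberships are constructed.
ACL='u::rwx,u:enemyuser:---,g::r-x,m::r-x,o::r-x'
for entry in "romano:romano" "friend:users" "enemyuser:romano users"; do
    u=${entry%%:*}; gs=${entry#*:}
    if acl_allows "$ACL" romano romano "$u" "$gs" x; then r=granted; else r=denied; fi
    echo "$u (groups: $gs): enter directory -> $r"
done
```

The named-user entry denies `enemyuser` even when that account is a member of the owning group. The kernel skips this check for root, so the entry does nothing against an account that has sudo.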