SEARCH

How-To Geek

How to Prevent Other Users From Accessing Your Home Directory in Ubuntu 14.04

00_lead_image_home_directory

If you share your Ubuntu machine with other people, you probably have multiple users set up, thinking that the other users log into their own accounts and only have access to their own home directories. However, by default, any user can access any home directory.

RELATED ARTICLE
HTG Explains: How Do Linux File Permissions Work?
If you’ve been using Linux for some time (and even OS X) you’ll probably have come across a “permissions” error.... [Read Article]

When you add a new user in Ubuntu, the adduser utility creates a new home directory for the new account. By default, the new home directory is placed in the /home/ directory on the root followed by the username. For example, /home/lori. User home directories in Ubuntu are created with world read/execute permissions, giving all other users on the system rights to read the contents of other users’ home directories. See our article for more information about how file permissions work in Linux.

NOTE: When we say to type something in this article and there are quotes around the text, DO NOT type the quotes, unless we specify otherwise.

You can easily change the permissions for your home directory to protect your private files. To check the permissions on your home directory, press Ctrl + Alt + T to open a Terminal window. Type the following line at the prompt and press Enter. Replace “<username>” with your own username.

ls –ld /home/lori

NOTE: The command contains only lowercase L’s not the number 1.

At the beginning of the line, the permissions for the file are listed. As said in our article about Linux permissions:

“The r stands for “read,” the w stands for “write,” and the x stands for “execute.” Directories will start with a “d” instead of a “-“. You’ll also notice that there are 10 spaces which hold value. You can ignore the first, and then there are 3 sets of 3. The first set is for the owner, the second set is for the group, and the last set is for the world.”

So, the home directory listed below has read, write, and execute permissions for the owner and read and execute permission for the group and world.

01_permissions_for_home_folder

To change these permissions, type the following line at the prompt and press Enter.

sudo chmod 0750 /home/lori

Type your password when prompted and press Enter.

NOTE: The chmod command uses octal numbers as one way to indicate permissions. Our article about Linux file permissions uses a different method that requires more steps but may be easier to understand. Using the octal numbers to specify permissions is a quicker method. Use whichever method with which you are more comfortable. To learn about using octal numbers to set permissions, see this article.

02_changing_permissions_for_home_folder

RELATED ARTICLE
The Beginner’s Guide to Managing Users and Groups in Linux
Ubuntu Linux uses groups to help you manage users, set permissions on those users, and even monitor how much time they are spending in front of the PC. Here’s a beginner’s guide to how it all works. [Read Article]

Press the up arrow twice to use the “ls –ld /home/<username>” command again to check the permissions. Notice that the permissions for world are all dashes (-). That means that the world cannot read, write, or execute anything in your home directory.

However, users in the same group as you can read and execute files and folders in your home directory. If you don’t want anyone else but yourself to have access to your home directory, enter “0700” as the numbers in the chmod command.

NOTE: For more information about managing users and groups in Linux, see our article.

To close the terminal window, type “exit” at the prompt and press Enter.

03_new_permissions

Now, when other users on the system try to access your home directory, the following dialog box displays.

04_location_could_not_be_displayed

You can also set up Ubuntu to use specific permissions when setting up the home directory for a new user you are creating. To do this, you need to edit the adduser configuration file. To do this, type the following command at the prompt and press Enter.

gksudo gedit /etc/adduser.conf

We are using gedit to edit the file. You can use a different text editor if you want.

NOTE: The gksudo command is like the sudo command but is used to run graphical programs as root. The sudo command is used to run command line programs as root.

05_opening_gedit_as_root

Enter your password in the Password edit box on the dialog box that displays and press Enter or click OK.

06_entering_password

Scroll down to the DIR_MODE command in the adduser.conf file. The number set is “0755” by default. Change it to reflect the  different types of permissions (r, w, x) you want to grant to the different types of users (owner, group, world), such as “0750” or “0700” as discussed earlier. Click Save.

07_changing_dir_mode

Close gedit by selecting Quit from the File menu. You can also click the X button in the upper-left corner of the window to close gedit.

08_closing_gedit

Close the Terminal window by clicking the X in the upper-left corner of the window.

09_closing_terminal_window_with_x

Now, the files in your home directory will remain private. Just remember that, if there are other users in the same group as you, you might want to take away the permissions for both group and world for your home directory.

Lori Kaufman is a freelance technical writer who likes to write geeky how-to articles to help make people's lives easier through the use of technology. She loves watching and reading mysteries and is an avid Doctor Who fan.

  • Published 06/6/14