Zakke n00b
Joined: 15 Mar 2005 Posts: 35 Location: Turku, Finland
Posted: Sun May 01, 2005 5:20 pm Post subject: How to lock a user in home directory [SOLVED]
So, how can I lock a user in the home directory?
Last edited by Zakke on Sun May 01, 2005 9:36 pm; edited 1 time in total

i92guboj Bodhisattva
Joined: 30 Nov 2004 Posts: 10315 Location: Córdoba (Spain)
Posted: Sun May 01, 2005 5:38 pm Post subject:
I'm not sure if I understood you.
If you mean 'to deny the access to any other dir than yours' then that's almost impossible.
Users will have to have full read access to many places, starting with the locations of the system user binaries, otherwise they could not run any command. Also the programs themselves need read access to some shared libraries in other dirs. Usually the default permissions that are set when installing a package are good enough and very well tested and suitable for almost everybody, unless you are doing something special with that machine.
In addition, many programs also need write access to many dirs under /var and /tmp, and changing that would require a lot of tweaking on most apps. It would be very hard work.
The thing that you can safely do is to change the users' home permissions, so that every user is the only one allowed to access and read it. To do that you can use 'chmod 700 /home/*'. Now only the owner of each dir can access it.
Of course you need to make sure that each user is the owner of its home, you can do that by doing 'ls -ld /home/*'
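
The ownership and permission check from the post above, as an added example that is not part of the original thread: a shell function that reads a passwd-format file and reports home directories whose owner does not match the account's UID or whose mode grants any group or other access. The function name `audit_homes` and the default `MIN_UID` cutoff of 1000 are assumptions of this example.

```shell
# Added example: audit home directories against a passwd-format file.
# Usage: audit_homes /etc/passwd [MIN_UID]
# MIN_UID (default 1000) is an assumed cutoff for regular user accounts.
# Prints one line per problem; exit status 0 if clean, 1 otherwise.
audit_homes() (
    passwd_file=$1
    min_uid=${2:-1000}
    bad=0
    while IFS=: read -r name _pw uid _gid _gecos home _shell; do
        # Skip malformed lines and accounts below the UID cutoff.
        case $uid in ''|*[!0-9]*) continue ;; esac
        [ "$uid" -ge "$min_uid" ] || continue
        if [ ! -d "$home" ]; then
            echo "MISSING $name $home"
            bad=1
            continue
        fi
        # Numeric owner and octal mode: GNU stat first, BSD stat as fallback.
        # -L follows a symlinked home so the real directory is checked.
        st=$(stat -L -c '%u %a' "$home" 2>/dev/null || stat -L -f '%u %Lp' "$home")
        owner=${st% *}
        mode=${st#* }
        # 'chmod 700' only protects the user if the user owns the directory.
        if [ "$owner" != "$uid" ]; then
            echo "OWNER $name $home owned by uid $owner, expected $uid"
            bad=1
        fi
        # Any group or other bit set means the mode is looser than 700.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "MODE $name $home is $mode, expected 700"
            bad=1
        fi
    done < "$passwd_file"
    exit "$bad"
)
```

The function body runs in a subshell, so its variables do not leak into the calling shell and `exit` only sets the function's status.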
Zakke n00b
Joined: 15 Mar 2005 Posts: 35 Location: Turku, Finland
Posted: Sun May 01, 2005 6:02 pm Post subject:
Isn't there a way to chroot the user somehow?
i92guboj Bodhisattva
Joined: 30 Nov 2004 Posts: 10315 Location: Córdoba (Spain)
Posted: Sun May 01, 2005 6:16 pm Post subject:
Yes, usually only root can do that, but there are workarounds, see
https://forums.gentoo.org/viewtopic-t-319640-start-0-postdays-0-postorder-asc-highlight-chroot+normal.html
The problem is that, to make a chroot, you need another fully working Gentoo on your hard drive. So maybe it is not a good idea unless you really need that. You will have to make a copy of your system. You can also install a minimal system (the base one) and then a complete one, that will be the one you use when you work as normal user when you chroot.
This way only root has access to the underlying system.
Zakke n00b
Joined: 15 Mar 2005 Posts: 35 Location: Turku, Finland