Re: [K12OSN] How to hide home folders

[Steve Switzer <steve switzerny org>]

Jennifer,
  Personally, I think this is a great way to do this. Thanks!
All,
  This also got me thinking... Is there a way to create a dynamic 
symbolic link? Something like this:

ln -s $HOME /myhome

This works, except it creates a link for all users that points to the 
home of whoever ran the command. Is there a way to do this so that the 
link looks at the logged in user at the time of access?
If so, Jennifer, you have an even better solution. :)

Steve

Jennifer Waters wrote:

> I had this problem, in that I have to use the first
> initial of the first name, the first initial of the
> last name, and student ID number for home folders and
> passwords.  This was creating quiet a problem in that
> anyone could see all of the home folders if they went
> into the home directory.  
>
> I was able to get some help and this is the solution
> we can up with to only allow the individual to see
> their own folder and not have permissions to see
> anyone else's.
>
> Steps to accomplish first:
>
> 1.  Ensure that you have a generic user group.
>    Named my group users.
>    Ensure that each student has an account.
>    Each student account on the machine should be a
>     member of the users group.
> 2.  On the home directory ( /home? the mask is:  711
> 3.  The user is root
>    The group is users
> 4.  On Setgid files do not inherit group (Box is
>     unchecked.
>    Apply changes on this directory only.
>    Sticky is unchecked.
> 5.  This means that students can cd to /home, but
>     cannot list its contents.  They can traverse to
>     this point in the path and can go down further
>     into the file system tree as well.
> 6.  The permissions on /home/jc334455 are:  770
>     User id jc334455
>     Group is jc334455
>     Sticky is unchecked
>     Setgid is unchecked
>     Apply changes to this directly only
> 7.  Configure each home directory in this manner.
> 8.  Tell students that they must enter the full path
>     to their home directory where ever its needed
>     (Save paths, command line, etc) or they will get
>     a permission denie error.
> 9.  For example:
>    /home/jc334455/filename.txt
>    In this test, students can only see the contents
>    of their own home directory.  This is the only
>    directory they can write files to or delete files
>    from.  They can not cd into another users home
>    directory or list another users home directory
>    content. They can not list the contents of home.
>    The only stipulation is that they must use a full
>    path statement to get to their directory. 
>    Basically other users and their work are completly
>    invisible to a specific user.
>
> Hope this will help anyone that has had the same
> problem that I came across.  It is not the best way to
> do something, but it is a great workaround.
>
> Jennifer
>