How to deny a specific user to even list a specific path?

Nicky Harpor

3/20/23, 10:37 AM

I read many QAs here, but none of them could answer me, so I decided to ask.

Let's say I've just created a new user son, and I want him to have sudo permission so he can install new packages [it's done by adding him to sudoers].

I don't want him to be able to list or read or do anything else under /root and /home, but have full access in /home/son. It means, he can't ls /home and if there is a file /root/private/password.txt, there is no possible way for him to know it's there.

I don't want to jail root. I don't want to change his shell to something like rbash. I tried some setfacl commands but still no success.

0 + 0

permissions

matigo

3/20/23, 11:15 AM

If someone has `sudo`, they are `root`. One way to block access to a directory would be via encrypted volumes that are unmounted when a user signs out

ubfan1

3/20/23, 5:57 PM

The sudoers file does have granularity, so you can add specific programs for specific users without giving out the keys to the castle. The x permission on dirs does limit scanning, but you cannot remove all read access on /home and expect /home/son to be available.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to deny a specific user to even list a specific path?

TH: จะปฏิเสธผู้ใช้เฉพาะไม่ให้แสดงเส้นทางเฉพาะได้อย่างไร

RO: Cum să interziceți unui anumit utilizator să listeze chiar și o anumită cale?

RU: Как запретить конкретному пользователю даже указывать определенный путь?

VI: Làm cách nào để từ chối một người dùng cụ thể để liệt kê một đường dẫn cụ thể?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.