Not sure where to post this, but as the title says I am trying to create an admin user that does not have access to other users home folders. I want to do remote assistance for my clients over ssh using Tailscale but I don’t want my user to have access to their personal folders. The only one that I want shared is their “Public” folder to scp files to them. I was using NoMachine but the bandwidth usage is high and most things I can do over ssh on my phone using Termux.
AFAIK you would need to set it up so that the admins only have specific privledges. You cant give them blanket sudoer privileges as you cant then stop them accessing things.
I believe in the sudoers file you can specify exactly the sort of operations that are allowed by users within a specific group. This would allow you to setup admins that have specific tasks they can do with sudo for administration but then limit the access they have.
On default separate users shouldnt have access to other users files to my knowledge so in that regard as long as they arent given the ability to change file permissions,etc. and you limit the sudoer privledges to only the necessary options you should be good
@dalto might know a bit more than me on this
EDIT: as for the users not accessing their personal files, you would have to set ownership and access rights for specific folders/files
Might just figure out what I need to access. Mostly updating and fixing random issues related to it.
Basicly I will have the user set the Tailscale interface up, I remote log in and fix stuff or drop files in their Public folder, then they kick me out by turning off tailscale. I just want to keep my access to their files restricted so that if something comes up there is less liability. Now days that might be impossible, but still it’s a step closer than these other support companies. I connected to a machine one time using Teamviewer and somehow the connection got switched up and was connected to a business in Canada.