I was wondering how to setup user accounts on linux where the user cannot read or edit outside their home directory.
Generally you want to chroot them into their home directory. If you do a google search on something like "linux chroot home directory" You will pull up hundreds of howto's on the subject.
It's just not as easy as running a single command.
Valid question, +1 to remove negative vote. Mike's is the "proper way" to achieve what you seek.
The direct answer (and a PITA way of doing things) is to screw up your system's permissions. You might think that a massive chmod -R 750 * would do it, however then your users will not be able to run programs or read important initialization files in /etc.
What I would do to still grant people access to important info is chmod directories to 751 or 711, which is
drwx--x--x. This allows people to "execute" a folder, which lets them go into it but they cannot get a directory listing. So if you chmod 751 (or 711) /etc, someone can still read normal files that are 644 if they know these files are there. So you could
cat /etc/hosts or other important setup files in order to operate as normal.
It's not what I might call the true way (or correct answer), but this is what I would do as a user to share services with other users while still keeping some privacy.
Now that I've thought more about this, an actual scenario for this question might be the mildly paranoid virtual host granting occasional ssh access to users. I would try something like
find /etc/ -R -type d -perm 755 -print0 | xargs -0 chmod 711 This might actually keep people from snooping around too much. If someone were real good, obviously, they'll guess file names...
Another real case for weird
711 directory permissions is setting up a samba share on a fileserver and still give individual users their own home directories on the share. That gets set as so:
drwx--S--T. 38 chris samba 12K 2012-06-14 17:16 chris