Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
On my Fedora system, I want users to be only able to see their home directory and all the subfolders.
Right now, when I add a new user using "useradd", they can all see the content in every directory, even the "/".
What can I do to achieve this?
You'll need to use a chroot in order to achieve this.
Note, however, if they are in a chroot, they need a copy of EVERY program, even things like /bin/ls, that they will want to run, in their home directory (i.e., /home/USERNAME/bin). This can be accomplished, I think, by using hardlinks to the real files. Of course, that would only work if /home and /bin reside on the same partition. Most likely, you'll need to make full copies (or explore alternatives, like using busybox, and creating a /home/bin to which you can make hardlinks for each user).
One question about chroot:
I've managed to create a chrooted env for a user that i need in order to connect through ssh
so i copied all the needed files and created a second 'virtual hierarchy'.
The thing is:
When i connect through an ssh client, the hierarchy has:
Is there some way to make all the folders except home invisible?
Originally posted by or1onas i'll try that later and i'll tell you if it works...
btw, i did 'chmod o-r' for /usr,/bin,/dev,/lib.
Does that make a recursive change on the files too?
Not unless you did "chmod -R o-r [directory]".
I don't know if it matters, but I think you still have the subdirectories in /usr etc. listable as long as a user can guess their names (which shouldn't be too difficult for the standard directories). Why are you doing this anyhow?
You're right about the directories being listable if guessed (which is not to difficult of course), but no dir listing access is given to them to by chmod -r.
So the user can only get inside his home folder and try to cd to /bin,/lib,etc but he gets a permission denied if he tries to do an ls...
I've already said that i set up an ssh server for sftp and i created a chrooted environment for security reasons...