limiting the user
Hi, everyone..
I want to add a user who can only access his home directory but nowhere else. (running redhat 8.0) I read a lot about it, and the more I read, the more confused I got... Please help. Here is what I did:

I added a new user (test)

    /etc/passwd
    test:x:506:506::/var/www/./test/:/bin/bash

then edited /etc/security/chroot.conf as below

    # /etc/security/chroot.conf
    # format:
    # username_regex chroot_dir
    #matthew /home
    test /var/www/test

But when I log in (telnet or ssh) with this account, I can still access other directories.. Do I need to add any "pam_chroot.so" somewhere? What am I doing wrong? There will be more than 50 users like that on this system. Is this the best way? Thanks for your help in advance. |
I'm not sure about editing the file by hand but have you tried to run the command to chroot them to a directory?
man chroot for more details. |
Thanks for the reply..
Yes, I did read the manual, but as I said, I am more confused after all of that. There must be a very basic solution for that :( So, is it enough to run the chroot command itself? How do I say that I just want to use it for a specific user? What I understood is that the chroot command is only for running a command from a certain directory? I got lost in that.. help!.. Thanks in advance.. |
Did you add a "session required /lib/security/pam_chroot.so" line to /etc/pam.d/login? And AFAIK it isn't necessary to specify an ftp-style chroot home in passwd like the /dir/dir./dir you added.
Also note for a chroot to work you need to add some basic config files, libraries and GNU utilities to the chroot. The 1st sticky thread in the Linux - Security forum has some docs on chrooting, it's the 4th post, titled "Chroot, chrooting, jailing, comparimization". |
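The two pieces discussed in the reply above (a chroot.conf entry for the user, plus a pam_chroot session line in the PAM file of each login service), checked by a small script; this is an added example and not part of the thread. The service file names login and sshd in the constructed sample, and the unanchored regex matching, are assumptions.

```shell
# Added example. Paths are arguments, so the functions can be pointed at
# /etc/security/chroot.conf and /etc/pam.d/<service> or at copies of them.

# Print chroot_dir from the first chroot.conf line whose username_regex
# matches the user. Assumption: the regex is applied unanchored, as grep
# does here, so an entry "test" also matches "test2" unless written ^test$.
chroot_dir_for() {
    user=$1 conf=$2
    while read -r regex dir rest || [ -n "$regex" ]; do
        case $regex in ''|'#'*) continue ;; esac   # blank line or comment
        [ -n "$dir" ] || continue                  # no directory column
        if printf '%s\n' "$user" | grep -q -- "$regex"; then
            printf '%s\n' "$dir"
            return 0
        fi
    done < "$conf"
    return 1
}

# Succeed if the PAM service file has an uncommented session line that
# loads pam_chroot.so.
pam_chroot_enabled() {
    grep -Eq '^[[:space:]]*session[[:space:]]+[^#]*pam_chroot\.so' "$1"
}

# Report the jail directory for a user and check each PAM service file given.
# Returns 0 only if an entry matches and every service loads pam_chroot.
audit_user() {
    user=$1 conf=$2; shift 2
    status=0
    if dir=$(chroot_dir_for "$user" "$conf"); then
        echo "$user: chroot.conf maps to $dir"
    else
        echo "$user: no matching chroot.conf entry"; status=1
    fi
    for svc in "$@"; do
        if [ -r "$svc" ] && pam_chroot_enabled "$svc"; then
            echo "$svc: pam_chroot session line present"
        else
            echo "$svc: pam_chroot not enabled, logins via it are not jailed"
            status=1
        fi
    done
    return $status
}

# Constructed sample files mirroring the thread's configuration.
demo=$(mktemp -d)
printf '%s\n' '# username_regex chroot_dir' '#matthew /home' 'test /var/www/test' > "$demo/chroot.conf"
printf '%s\n' 'session required /lib/security/pam_chroot.so' > "$demo/login"
printf '%s\n' 'session required /lib/security/pam_limits.so' > "$demo/sshd"
audit_user test "$demo/chroot.conf" "$demo/login" "$demo/sshd" || echo "result: incomplete"
```

On a real system, pass the actual chroot.conf and the PAM file of every service the user can log in through.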
Thanks a lot for your reply.. I searched the forum a lot but I think I could see that one.
As you said, I added "session required /lib/security/pam_chroot.so" to /etc/pam.d/login. But in the documents I couldn't see anything about what to do for: "Also note for a chroot to work you need to add some basic config files, libraries and GNU utilities to the chroot" Can you give me some more clues please? As a newbie, it is really difficult for me to figure it out.. Probably I cannot see it because I couldn't get the logic of it yet.. Thanks a lot in advance.. |
AFAIK a normal user can only access his home directory by default
|
Quote:
And the sanest way to do this is by chrooting the user to his/her own homedir. Therefore, when they do cd / it will actually take them to their homedir. |
Ok, I am trying jail sw for chrooting now. I installed jail_1.9
I followed the document exactly.. Like this:

1) Create the user

    /etc/passwd
    test2:x:507:507::/var/chroot/:/usr/local/bin/jail

2) install the sw

3) create the chroot

    /usr/local/bin/mkjailenv /var/chroot

adding sw on it

    /usr/local/bin/addjailsw /var/chroot

adding users to chroot

    /usr/local/bin/addjailuser /var/chroot /home/test2 /bin/bash test2

here is my user:

    /var/chroot/etc/passwd
    test2:x:507:507::/home/test2:/bin/sh

That's all.. it is working.. But.. When I log in with the test2 user, I can change directory to /var/chroot (as my root directory) and I can see other users' directories and all directories under /var/chroot. I don't want any user to see any other directory but his own home directory. Can you please help? What am I doing wrong? Thanks.. |